The following issues were found
arch/arm/mach-orion5x/kurobox_pro-setup.c
3 issues
Line: 226
Column: 11
CWE codes:
119
120
Suggestion:
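Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged lines 226–228 appear to be the fixed-size array declarations themselves (recv_buf, send_buf, correct_ack), not a write. The excerpt does not show the code that fills these buffers, so confirm that every index or copy length used on them is checked against 40 (or 3 for correct_ack) before treating this as an overflow.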
{
int i;
unsigned char checksum = 0;
unsigned char recv_buf[40];
unsigned char send_buf[40];
unsigned char correct_ack[3];
int retry = 2;
/* Generate checksum */
Reported by FlawFinder.
Line: 227
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
unsigned char checksum = 0;
unsigned char recv_buf[40];
unsigned char send_buf[40];
unsigned char correct_ack[3];
int retry = 2;
/* Generate checksum */
for (i = 0; i < count; i++)
Reported by FlawFinder.
Line: 228
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char checksum = 0;
unsigned char recv_buf[40];
unsigned char send_buf[40];
unsigned char correct_ack[3];
int retry = 2;
/* Generate checksum */
for (i = 0; i < count; i++)
checksum -= data[i];
Reported by FlawFinder.
arch/x86/kernel/kgdb.c
3 issues
Line: 101
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
if (dbg_reg_def[regno].offset != -1)
memcpy((void *)regs + dbg_reg_def[regno].offset, mem,
dbg_reg_def[regno].size);
return 0;
}
char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs)
Reported by FlawFinder.
Line: 109
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs)
{
if (regno == GDB_ORIG_AX) {
memcpy(mem, &regs->orig_ax, sizeof(regs->orig_ax));
return "orig_ax";
}
if (regno >= DBG_MAX_REG_NUM || regno < 0)
return NULL;
Reported by FlawFinder.
Line: 116
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
if (dbg_reg_def[regno].offset != -1)
memcpy(mem, (void *)regs + dbg_reg_def[regno].offset,
dbg_reg_def[regno].size);
#ifdef CONFIG_X86_32
switch (regno) {
case GDB_GS:
Reported by FlawFinder.
arch/powerpc/platforms/pseries/ibmebus.c
3 issues
Line: 258
Column: 2
CWE codes:
120
Suggestion:
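Make sure destination can always hold the source data. The excerpt does not show how out was allocated or whether count can be zero: writing out[count] needs an allocation of at least count + 1 bytes, and out[count - 1] indexes before the start of the buffer when count is 0.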
if (!out)
return NULL;
memcpy(out, in, count);
out[count] = '\0';
if (out[count - 1] == '\n')
out[count - 1] = '\0';
return out;
Reported by FlawFinder.
Line: 397
Column: 9
CWE codes:
120
Suggestion:
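Use sprintf_s, snprintf, or vsnprintf. This call is the body of a sysfs show callback (note the DEVICE_ATTR_RO(devspec) that follows it); in kernel code the bounded helper for that case is sysfs_emit(), which limits output to the PAGE_SIZE sysfs buffer.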
struct platform_device *ofdev;
ofdev = to_platform_device(dev);
return sprintf(buf, "%pOF\n", ofdev->dev.of_node);
}
static DEVICE_ATTR_RO(devspec);
static ssize_t name_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 407
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct platform_device *ofdev;
ofdev = to_platform_device(dev);
return sprintf(buf, "%pOFn\n", ofdev->dev.of_node);
}
static DEVICE_ATTR_RO(name);
static ssize_t modalias_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
arch/mips/loongson2ef/common/machtype.c
3 issues
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
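Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpts for lines 50 and 51 below, the only write shown into str is strncpy(str, p, MACHTYPE_LEN) followed by str[MACHTYPE_LEN] = '\0', which stays within the MACHTYPE_LEN + 1 bytes declared here.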
void __init prom_init_machtype(void)
{
char *p, str[MACHTYPE_LEN + 1];
int machtype = MACH_LEMOTE_FL2E;
mips_machtype = LOONGSON_MACHTYPE;
p = strstr(arcs_cmdline, "machtype=");
Reported by FlawFinder.
Line: 50
Column: 7
CWE codes:
126
mach_prom_init_machtype();
return;
}
p += strlen("machtype=");
strncpy(str, p, MACHTYPE_LEN);
str[MACHTYPE_LEN] = '\0';
p = strstr(str, " ");
if (p)
*p = '\0';
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
120
return;
}
p += strlen("machtype=");
strncpy(str, p, MACHTYPE_LEN);
str[MACHTYPE_LEN] = '\0';
p = strstr(str, " ");
if (p)
*p = '\0';
Reported by FlawFinder.
arch/mips/loongson2ef/lemote-2f/machtype.c
3 issues
Line: 38
Column: 3
CWE codes:
120
Suggestion:
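Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). The excerpt shows neither the size of arcs_cmdline nor how much of it is already used, and the length of the get_system_type() string is not bounded here, so the three appends are safe only if the remaining space is checked against the destination's real capacity.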
mips_machtype = MACH_LEMOTE_NAS;
strcat(arcs_cmdline, " machtype=");
strcat(arcs_cmdline, get_system_type());
strcat(arcs_cmdline, " ");
}
}
Reported by FlawFinder.
Line: 37
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
else
mips_machtype = MACH_LEMOTE_NAS;
strcat(arcs_cmdline, " machtype=");
strcat(arcs_cmdline, get_system_type());
strcat(arcs_cmdline, " ");
}
}
Reported by FlawFinder.
Line: 39
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(arcs_cmdline, " machtype=");
strcat(arcs_cmdline, get_system_type());
strcat(arcs_cmdline, " ");
}
}
Reported by FlawFinder.
arch/powerpc/kernel/pci-common.c
3 issues
Line: 1598
Column: 14
CWE codes:
120
20
devfn, offset, value); \
}
EARLY_PCI_OP(read, byte, u8 *)
EARLY_PCI_OP(read, word, u16 *)
EARLY_PCI_OP(read, dword, u32 *)
EARLY_PCI_OP(write, byte, u8)
EARLY_PCI_OP(write, word, u16)
EARLY_PCI_OP(write, dword, u32)
Reported by FlawFinder.
Line: 1599
Column: 14
CWE codes:
120
20
}
EARLY_PCI_OP(read, byte, u8 *)
EARLY_PCI_OP(read, word, u16 *)
EARLY_PCI_OP(read, dword, u32 *)
EARLY_PCI_OP(write, byte, u8)
EARLY_PCI_OP(write, word, u16)
EARLY_PCI_OP(write, dword, u32)
Reported by FlawFinder.
Line: 1600
Column: 14
CWE codes:
120
20
EARLY_PCI_OP(read, byte, u8 *)
EARLY_PCI_OP(read, word, u16 *)
EARLY_PCI_OP(read, dword, u32 *)
EARLY_PCI_OP(write, byte, u8)
EARLY_PCI_OP(write, word, u16)
EARLY_PCI_OP(write, dword, u32)
int early_find_capability(struct pci_controller *hose, int bus, int devfn,
Reported by FlawFinder.
arch/nds32/kernel/setup.c
3 issues
Line: 97
Column: 4
CWE codes:
120
Suggestion:
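Use sprintf_s, snprintf, or vsnprintf. The excerpt for line 93 shows str declared as char str[sizeof(hwcap_str) + 16]. Since hwcap_str[i] is passed to %s, hwcap_str looks like an array of string pointers, so the buffer is sized from the pointer array rather than from the combined name lengths. The write that closes this is a bounded one using the remaining space, sizeof(str) - p (scnprintf() in kernel code). Also, str is not initialised before the loop, so pr_info() would print indeterminate bytes if no capability bit is set.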
for (i = 0; hwcap_str[i]; i++) {
if (elf_hwcap & (1 << i)) {
sprintf(str + p, "%s ", hwcap_str[i]);
p += strlen(hwcap_str[i]) + 1;
}
}
pr_info("CPU%d Features: %s\n", cpu, str);
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init dump_cpu_info(int cpu)
{
int i, p = 0;
char str[sizeof(hwcap_str) + 16];
for (i = 0; hwcap_str[i]; i++) {
if (elf_hwcap & (1 << i)) {
sprintf(str + p, "%s ", hwcap_str[i]);
p += strlen(hwcap_str[i]) + 1;
Reported by FlawFinder.
Line: 98
Column: 9
CWE codes:
126
for (i = 0; hwcap_str[i]; i++) {
if (elf_hwcap & (1 << i)) {
sprintf(str + p, "%s ", hwcap_str[i]);
p += strlen(hwcap_str[i]) + 1;
}
}
pr_info("CPU%d Features: %s\n", cpu, str);
Reported by FlawFinder.
arch/h8300/kernel/setup.c
3 issues
Line: 64
Column: 3
CWE codes:
120
Suggestion:
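Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). The destination is command_line[COMMAND_LINE_SIZE] (see the excerpt for line 55), and the length of bootargs is not checked in the lines shown, so the copy should be bounded by COMMAND_LINE_SIZE.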
if (!fdt)
fdt = __dtb_start;
else
strcpy(command_line, bootargs);
early_init_dt_scan(fdt);
memblock_allow_resize();
}
Reported by FlawFinder.
Line: 104
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pr_notice("Flat model support (C) 1998,1999 Kenneth Albanowski, D. Jeff Dionne\n");
if (*command_line)
strcpy(boot_command_line, command_line);
*cmdline_p = boot_command_line;
parse_early_param();
bootmem_init();
Reported by FlawFinder.
Line: 55
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct screen_info screen_info;
#endif
char __initdata command_line[COMMAND_LINE_SIZE];
void sim_console_register(void);
void __init h8300_fdt_init(void *fdt, char *bootargs)
{
Reported by FlawFinder.
arch/powerpc/lib/test_emulate_step.c
3 issues
Line: 927
.descr = "R0 = LONG_MAX",
.instr = ppc_inst(PPC_RAW_NOP()),
.regs = {
.gpr[0] = LONG_MAX,
}
}
}
},
{
Reported by Cppcheck.
Line: 1681
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ignore_ccr = flags & IGNORE_CCR;
passed = true;
memcpy(&exp, regs, sizeof(struct pt_regs));
memcpy(&got, regs, sizeof(struct pt_regs));
/*
* Set a compatible MSR value explicitly to ensure
* that XER and CR bits are updated appropriately
Reported by FlawFinder.
Line: 1682
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
passed = true;
memcpy(&exp, regs, sizeof(struct pt_regs));
memcpy(&got, regs, sizeof(struct pt_regs));
/*
* Set a compatible MSR value explicitly to ensure
* that XER and CR bits are updated appropriately
*/
Reported by FlawFinder.
arch/x86/include/asm/cpufeature.h
3 issues
Line: 38
Column: 14
CWE codes:
119
120
Suggestion:
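Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. All three findings in this header point at extern declarations of const arrays of string pointers (x86_cap_flags, x86_power_flags, x86_bug_flags), so no destination buffer is written here. What needs checking is that every index used with these tables, for example through x86_cap_flag(flag), stays below the declared element count.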
};
#ifdef CONFIG_X86_FEATURE_NAMES
extern const char * const x86_cap_flags[NCAPINTS*32];
extern const char * const x86_power_flags[32];
#define X86_CAP_FMT "%s"
#define x86_cap_flag(flag) x86_cap_flags[flag]
#else
#define X86_CAP_FMT "%d:%d"
Reported by FlawFinder.
Line: 39
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_X86_FEATURE_NAMES
extern const char * const x86_cap_flags[NCAPINTS*32];
extern const char * const x86_power_flags[32];
#define X86_CAP_FMT "%s"
#define x86_cap_flag(flag) x86_cap_flags[flag]
#else
#define X86_CAP_FMT "%d:%d"
#define x86_cap_flag(flag) ((flag) >> 5), ((flag) & 31)
Reported by FlawFinder.
Line: 51
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* In order to save room, we index into this array by doing
* X86_BUG_<name> - NCAPINTS*32.
*/
extern const char * const x86_bug_flags[NBUGINTS*32];
#define test_cpu_cap(c, bit) \
test_bit(bit, (unsigned long *)((c)->x86_capability))
/*
Reported by FlawFinder.