The following issues were found
arch/x86/include/asm/insn-eval.h
3 issues
Line: 25
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long insn_get_seg_base(struct pt_regs *regs, int seg_reg_idx);
int insn_get_code_seg_params(struct pt_regs *regs);
int insn_fetch_from_user(struct pt_regs *regs,
unsigned char buf[MAX_INSN_SIZE]);
int insn_fetch_from_user_inatomic(struct pt_regs *regs,
unsigned char buf[MAX_INSN_SIZE]);
bool insn_decode_from_regs(struct insn *insn, struct pt_regs *regs,
unsigned char buf[MAX_INSN_SIZE], int buf_size);
Reported by FlawFinder.
Line: 27
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int insn_fetch_from_user(struct pt_regs *regs,
unsigned char buf[MAX_INSN_SIZE]);
int insn_fetch_from_user_inatomic(struct pt_regs *regs,
unsigned char buf[MAX_INSN_SIZE]);
bool insn_decode_from_regs(struct insn *insn, struct pt_regs *regs,
unsigned char buf[MAX_INSN_SIZE], int buf_size);
#endif /* _ASM_X86_INSN_EVAL_H */
Reported by FlawFinder.
Line: 29
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int insn_fetch_from_user_inatomic(struct pt_regs *regs,
unsigned char buf[MAX_INSN_SIZE]);
bool insn_decode_from_regs(struct insn *insn, struct pt_regs *regs,
unsigned char buf[MAX_INSN_SIZE], int buf_size);
#endif /* _ASM_X86_INSN_EVAL_H */
Reported by FlawFinder.
arch/s390/include/asm/cpu_mcf.h
3 issues
Line: 83
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int flags;
size_t used; /* Bytes used in data */
size_t usedss; /* Bytes used in start/stop */
unsigned char start[PAGE_SIZE]; /* Counter set at event add */
unsigned char stop[PAGE_SIZE]; /* Counter set at event delete */
unsigned char data[PAGE_SIZE]; /* Counter set at /dev/hwctr */
unsigned int sets; /* # Counter set saved in memory */
};
DECLARE_PER_CPU(struct cpu_cf_events, cpu_cf_events);
Reported by FlawFinder.
Line: 84
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t used; /* Bytes used in data */
size_t usedss; /* Bytes used in start/stop */
unsigned char start[PAGE_SIZE]; /* Counter set at event add */
unsigned char stop[PAGE_SIZE]; /* Counter set at event delete */
unsigned char data[PAGE_SIZE]; /* Counter set at /dev/hwctr */
unsigned int sets; /* # Counter set saved in memory */
};
DECLARE_PER_CPU(struct cpu_cf_events, cpu_cf_events);
Reported by FlawFinder.
Line: 85
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t usedss; /* Bytes used in start/stop */
unsigned char start[PAGE_SIZE]; /* Counter set at event add */
unsigned char stop[PAGE_SIZE]; /* Counter set at event delete */
unsigned char data[PAGE_SIZE]; /* Counter set at /dev/hwctr */
unsigned int sets; /* # Counter set saved in memory */
};
DECLARE_PER_CPU(struct cpu_cf_events, cpu_cf_events);
bool kernel_cpumcf_avail(void);
Reported by FlawFinder.
arch/csky/abiv2/strksyms.c
3 issues
Line: 11
Column: 15
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
EXPORT_SYMBOL(memcmp);
EXPORT_SYMBOL(memmove);
EXPORT_SYMBOL(strcmp);
EXPORT_SYMBOL(strcpy);
EXPORT_SYMBOL(strlen);
Reported by FlawFinder.
Line: 6
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#include <linux/module.h>
EXPORT_SYMBOL(memcpy);
EXPORT_SYMBOL(memset);
EXPORT_SYMBOL(memcmp);
EXPORT_SYMBOL(memmove);
EXPORT_SYMBOL(strcmp);
EXPORT_SYMBOL(strcpy);
Reported by FlawFinder.
Line: 12
Column: 15
CWE codes:
126
EXPORT_SYMBOL(memmove);
EXPORT_SYMBOL(strcmp);
EXPORT_SYMBOL(strcpy);
EXPORT_SYMBOL(strlen);
Reported by FlawFinder.
arch/csky/abiv2/inc/abi/string.h
3 issues
Line: 22
Column: 14
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
extern int strcmp(const char *, const char *);
#define __HAVE_ARCH_STRCPY
extern char *strcpy(char *, const char *);
#define __HAVE_ARCH_STRLEN
extern __kernel_size_t strlen(const char *);
#endif /* __ABI_CSKY_STRING_H */
Reported by FlawFinder.
Line: 10
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
extern int memcmp(const void *, const void *, __kernel_size_t);
#define __HAVE_ARCH_MEMCPY
extern void *memcpy(void *, const void *, __kernel_size_t);
#define __HAVE_ARCH_MEMMOVE
extern void *memmove(void *, const void *, __kernel_size_t);
#define __HAVE_ARCH_MEMSET
Reported by FlawFinder.
Line: 25
Column: 24
CWE codes:
126
extern char *strcpy(char *, const char *);
#define __HAVE_ARCH_STRLEN
extern __kernel_size_t strlen(const char *);
#endif /* __ABI_CSKY_STRING_H */
Reported by FlawFinder.
arch/mips/sgi-ip32/ip32-setup.c
3 issues
Line: 94
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static char options[8] __initdata;
char *baud = ArcGetEnvironmentVariable("dbaud");
if (baud)
strcpy(options, baud);
add_preferred_console("ttyS", *(con + 1) == '2' ? 1 : 0,
baud ? options : NULL);
}
}
#endif
Reported by FlawFinder.
Line: 37
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* This is taken care of in here 'cause they say using Arc later on is
* problematic
*/
extern char o2meth_eaddr[8];
static inline unsigned char str2hexnum(unsigned char c)
{
if (c >= '0' && c <= '9')
return c - '0';
if (c >= 'a' && c <= 'f')
Reported by FlawFinder.
Line: 91
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char* con = ArcGetEnvironmentVariable("console");
if (con && *con == 'd') {
static char options[8] __initdata;
char *baud = ArcGetEnvironmentVariable("dbaud");
if (baud)
strcpy(options, baud);
add_preferred_console("ttyS", *(con + 1) == '2' ? 1 : 0,
baud ? options : NULL);
Reported by FlawFinder.
arch/x86/kernel/hpet.c
3 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int in_use;
enum hpet_mode mode;
unsigned int boot_cfg;
char name[10];
};
struct hpet_base {
unsigned int nr_channels;
unsigned int nr_clockevents;
Reported by FlawFinder.
Line: 730
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(hc->boot_cfg & HPET_TN_FSB_CAP))
continue;
sprintf(hc->name, "hpet%d", i);
irq = hpet_assign_irq(hpet_domain, hc, hc->num);
if (irq <= 0)
continue;
Reported by FlawFinder.
Line: 423
Column: 2
CWE codes:
120
* the IO_APIC has been initialized.
*/
hc->cpu = boot_cpu_data.cpu_index;
strncpy(hc->name, "hpet", sizeof(hc->name));
hpet_init_clockevent(hc, 50);
hc->evt.tick_resume = hpet_clkevt_legacy_resume;
/*
Reported by FlawFinder.
block/bsg.c
3 issues
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t lock;
struct hlist_node dev_list;
refcount_t ref_count;
char name[20];
int max_queue;
};
#define BSG_DEFAULT_CMDS 64
#define BSG_MAX_DEVS 32768
Reported by FlawFinder.
Line: 243
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct file *file)
{
struct bsg_device *bd;
unsigned char buf[32];
lockdep_assert_held(&bsg_mutex);
if (!blk_get_queue(rq))
return ERR_PTR(-ENXIO);
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
120
refcount_set(&bd->ref_count, 1);
hlist_add_head(&bd->dev_list, bsg_dev_idx_hash(iminor(inode)));
strncpy(bd->name, dev_name(rq->bsg_dev.class_dev), sizeof(bd->name) - 1);
bsg_dbg(bd, "bound to <%s>, max queue %d\n",
format_dev_t(buf, inode->i_rdev), bd->max_queue);
return bd;
}
Reported by FlawFinder.
arch/mips/mti-malta/malta-dtshim.c
3 issues
Line: 25
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ROCIT_CONFIG_GEN1_MEMMAP_SHIFT 8
#define ROCIT_CONFIG_GEN1_MEMMAP_MASK (0xf << 8)
static unsigned char fdt_buf[16 << 10] __initdata;
/* determined physical memory size, not overridden by command line args */
extern unsigned long physical_memsize;
enum mem_map {
Reported by FlawFinder.
Line: 139
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, err, mem_off;
enum mem_map mem_map;
u32 config;
char *var, param_name[10], *var_names[] = {
"ememsize", "memsize",
};
/* if a memory node already exists, leave it alone */
mem_off = fdt_path_offset(fdt, "/memory");
Reported by FlawFinder.
Line: 185
Column: 28
CWE codes:
126
if (!var)
continue;
memsize = memparse(var + strlen(param_name), NULL);
}
/* if the user says there's more RAM than we thought, believe them */
physical_memsize = max_t(unsigned long, physical_memsize, memsize);
Reported by FlawFinder.
arch/powerpc/platforms/pasemi/gpio_mdio.c
3 issues
Line: 85
Column: 50
CWE codes:
120
20
}
/* Utility to send the preamble, address, and register (common to read and write). */
static void bitbang_pre(struct mii_bus *bus, int read, u8 addr, u8 reg)
{
int i;
/* CFE uses a really long preamble (40 bits). We'll do the same. */
mdio_active(bus);
Reported by FlawFinder.
Line: 99
Column: 17
CWE codes:
120
20
clock_out(bus, 0);
clock_out(bus, 1);
clock_out(bus, read);
clock_out(bus, !read);
/* send the PHY address */
for (i = 0; i < 5; i++) {
clock_out(bus, (addr & 0x10) != 0);
Reported by FlawFinder.
Line: 100
Column: 18
CWE codes:
120
20
clock_out(bus, 1);
clock_out(bus, read);
clock_out(bus, !read);
/* send the PHY address */
for (i = 0; i < 5; i++) {
clock_out(bus, (addr & 0x10) != 0);
addr <<= 1;
Reported by FlawFinder.
arch/powerpc/platforms/powermac/nvram.c
3 issues
Line: 57
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 signature;
u8 cksum;
u16 len;
char name[12];
u8 data[];
};
struct core99_header {
struct chrp_header hdr;
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i + count > NVRAM_SIZE)
count = NVRAM_SIZE - i;
memcpy(buf, &nvram_image[i], count);
*index = i + count;
return count;
}
static ssize_t core99_nvram_write(char *buf, size_t count, loff_t *index)
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i + count > NVRAM_SIZE)
count = NVRAM_SIZE - i;
memcpy(&nvram_image[i], buf, count);
*index = i + count;
return count;
}
static ssize_t core99_nvram_size(void)
Reported by FlawFinder.