The following issues were found
arch/m68k/sun3/mmu_emu.c
3 issues
Line: 53
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EXPORT_SYMBOL(m68k_vmalloc_end);
unsigned long pmeg_vaddr[PMEGS_NUM];
unsigned char pmeg_alloc[PMEGS_NUM];
unsigned char pmeg_ctx[PMEGS_NUM];
/* pointers to the mm structs for each task in each
context. 0xffffffff is a marker for kernel context */
static struct mm_struct *ctx_alloc[CONTEXTS_NUM] = {
Reported by FlawFinder.
Line: 54
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long pmeg_vaddr[PMEGS_NUM];
unsigned char pmeg_alloc[PMEGS_NUM];
unsigned char pmeg_ctx[PMEGS_NUM];
/* pointers to the mm structs for each task in each
context. 0xffffffff is a marker for kernel context */
static struct mm_struct *ctx_alloc[CONTEXTS_NUM] = {
[0] = (struct mm_struct *)0xffffffff
Reported by FlawFinder.
Line: 94
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#else
/* Terse version. More likely to fit on a line. */
unsigned long val = pte_val (pte);
char flags[7], *type;
flags[0] = (val & SUN3_PAGE_VALID) ? 'v' : '-';
flags[1] = (val & SUN3_PAGE_WRITEABLE) ? 'w' : '-';
flags[2] = (val & SUN3_PAGE_SYSTEM) ? 's' : '-';
flags[3] = (val & SUN3_PAGE_NOCACHE) ? 'x' : '-';
Reported by FlawFinder.
arch/alpha/kernel/setup.c
3 issues
Line: 498
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
} else {
strlcpy(command_line, COMMAND_LINE, sizeof command_line);
}
strcpy(boot_command_line, command_line);
*cmdline_p = command_line;
/*
* Process command-line arguments.
*/
Reported by FlawFinder.
Line: 540
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
/* Replace the command line, now that we've killed it with strsep. */
strcpy(command_line, boot_command_line);
/* If we want SRM console printk echoing early, do it now. */
if (alpha_using_srm && srmcons_output) {
register_srm_console();
Reported by FlawFinder.
Line: 132
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char **, char **);
static void determine_cpu_caches (unsigned int);
static char __initdata command_line[COMMAND_LINE_SIZE];
/*
* The format of "screen_info" is strange, and due to early
* i386-setup code. This is just enough to make the console
* code think we're on a VGA color display.
Reported by FlawFinder.
arch/x86/lib/memcpy_32.c
3 issues
Line: 5
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#include <linux/string.h>
#include <linux/export.h>
#undef memcpy
#undef memset
__visible void *memcpy(void *to, const void *from, size_t n)
{
#if defined(CONFIG_X86_USE_3DNOW) && !defined(CONFIG_FORTIFY_SOURCE)
Reported by FlawFinder.
Line: 8
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#undef memcpy
#undef memset
__visible void *memcpy(void *to, const void *from, size_t n)
{
#if defined(CONFIG_X86_USE_3DNOW) && !defined(CONFIG_FORTIFY_SOURCE)
return __memcpy3d(to, from, n);
#else
return __memcpy(to, from, n);
Reported by FlawFinder.
Line: 16
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return __memcpy(to, from, n);
#endif
}
EXPORT_SYMBOL(memcpy);
__visible void *memset(void *s, int c, size_t count)
{
return __memset(s, c, count);
}
Reported by FlawFinder.
arch/mips/ar7/platform.c
3 issues
Line: 285
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init cpmac_get_mac(int instance, unsigned char *dev_addr)
{
char name[5], *mac;
sprintf(name, "mac%c", 'a' + instance);
mac = prom_getenv(name);
if (!mac && instance) {
sprintf(name, "mac%c", 'a');
Reported by FlawFinder.
Line: 287
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
char name[5], *mac;
sprintf(name, "mac%c", 'a' + instance);
mac = prom_getenv(name);
if (!mac && instance) {
sprintf(name, "mac%c", 'a');
mac = prom_getenv(name);
}
Reported by FlawFinder.
Line: 290
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(name, "mac%c", 'a' + instance);
mac = prom_getenv(name);
if (!mac && instance) {
sprintf(name, "mac%c", 'a');
mac = prom_getenv(name);
}
if (mac) {
if (!mac_pton(mac, dev_addr)) {
Reported by FlawFinder.
arch/xtensa/kernel/setup.c
3 issues
Line: 165
CWE codes:
570
/* Parse all tags. */
while (tag != NULL && tag->id != BP_TAG_LAST) {
for (t = &__tagtable_begin; t < &__tagtable_end; t++) {
if (tag->id == t->tag) {
t->parse(tag);
break;
}
}
Reported by Cppcheck.
Line: 74
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Command line specified as configuration option. */
static char __initdata command_line[COMMAND_LINE_SIZE];
#ifdef CONFIG_CMDLINE_BOOL
static char default_command_line[COMMAND_LINE_SIZE] __initdata = CONFIG_CMDLINE;
#endif
Reported by FlawFinder.
Line: 77
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char __initdata command_line[COMMAND_LINE_SIZE];
#ifdef CONFIG_CMDLINE_BOOL
static char default_command_line[COMMAND_LINE_SIZE] __initdata = CONFIG_CMDLINE;
#endif
#ifdef CONFIG_PARSE_BOOTPARAM
/*
* Boot parameter parsing.
Reported by FlawFinder.
arch/um/drivers/harddog_user.c
3 issues
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dog_data data;
int in_fds[2], out_fds[2], pid, n, err;
char pid_buf[sizeof("nnnnnnn\0")], c;
char *pid_args[] = { "/usr/bin/uml_watchdog", "-pid", pid_buf, NULL };
char *mconsole_args[] = { "/usr/bin/uml_watchdog", "-mconsole", NULL,
NULL };
char **args = NULL;
Reported by FlawFinder.
Line: 63
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
else {
/* XXX The os_getpid() is not SMP correct */
sprintf(pid_buf, "%d", os_getpid());
args = pid_args;
}
pid = run_helper(pre_exec, &data, args);
Reported by FlawFinder.
Line: 78
Column: 6
CWE codes:
120
20
goto out_close_out;
}
n = read(in_fds[0], &c, sizeof(c));
if (n == 0) {
printk("harddog_open - EOF on watchdog pipe\n");
helper_wait(pid);
err = -EIO;
goto out_close_out;
Reported by FlawFinder.
arch/powerpc/platforms/pseries/nvram.c
3 issues
Line: 26
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned int nvram_size;
static int nvram_fetch, nvram_store;
static char nvram_buf[NVRW_CNT]; /* assume this is in the first 4GB */
static DEFINE_SPINLOCK(nvram_lock);
/* See clobbering_unread_rtas_event() */
#define NVRAM_RTAS_READ_TIMEOUT 5 /* seconds */
static time64_t last_unread_rtas_event; /* timestamp */
Reported by FlawFinder.
Line: 69
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
}
memcpy(p, nvram_buf, len);
p += len;
i += len;
}
Reported by FlawFinder.
Line: 106
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > NVRW_CNT)
len = NVRW_CNT;
memcpy(nvram_buf, p, len);
if ((rtas_call(nvram_store, 3, 2, &done, i, __pa(nvram_buf),
len) != 0) || len != done) {
spin_unlock_irqrestore(&nvram_lock, flags);
return -EIO;
Reported by FlawFinder.
arch/m68k/mvme16x/config.c
3 issues
Line: 85
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
suf[3] = '\0';
suf[0] = suf[1] ? '-' : '\0';
sprintf(model, "Motorola MVME%x%s", be16_to_cpu(p->brdno), suf);
}
static void mvme16x_get_hardware_list(struct seq_file *m)
{
Reported by FlawFinder.
Line: 78
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void mvme16x_get_model(char *model)
{
p_bdid p = &mvme_bdid;
char suf[4];
suf[1] = p->brdsuffix[0];
suf[2] = p->brdsuffix[1];
suf[3] = '\0';
suf[0] = suf[1] ? '-' : '\0';
Reported by FlawFinder.
Line: 268
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __init config_mvme16x(void)
{
p_bdid p = &mvme_bdid;
char id[40];
uint16_t brdno = be16_to_cpu(p->brdno);
mach_sched_init = mvme16x_sched_init;
mach_init_IRQ = mvme16x_init_IRQ;
mach_hwclk = mvme16x_hwclk;
Reported by FlawFinder.
arch/x86/tools/relocs_common.c
3 issues
Line: 8
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
exit(1);
}
static void usage(void)
Reported by FlawFinder.
Line: 26
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fname;
FILE *fp;
int i;
unsigned char e_ident[EI_NIDENT];
show_absolute_syms = 0;
show_absolute_relocs = 0;
show_reloc_info = 0;
as_text = 0;
Reported by FlawFinder.
Line: 67
Column: 7
CWE codes:
362
if (!fname) {
usage();
}
fp = fopen(fname, "r");
if (!fp) {
die("Cannot open %s: %s\n", fname, strerror(errno));
}
if (fread(&e_ident, 1, EI_NIDENT, fp) != EI_NIDENT) {
die("Cannot read %s: %s", fname, strerror(errno));
Reported by FlawFinder.
arch/mips/bcm47xx/setup.c
3 issues
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init bcm47xx_register_ssb(void)
{
int err;
char buf[100];
struct ssb_mipscore *mcore;
err = ssb_bus_host_soc_register(&bcm47xx_bus.ssb, SSB_ENUM_BASE);
if (err)
panic("Failed to initialize SSB bus (err %d)", err);
Reported by FlawFinder.
Line: 123
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_debug("Swapping serial ports!\n");
/* swap serial ports */
memcpy(&port, &mcore->serial_ports[0], sizeof(port));
memcpy(&mcore->serial_ports[0], &mcore->serial_ports[1],
sizeof(port));
memcpy(&mcore->serial_ports[1], &port, sizeof(port));
}
}
}
Reported by FlawFinder.
Line: 125
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&port, &mcore->serial_ports[0], sizeof(port));
memcpy(&mcore->serial_ports[0], &mcore->serial_ports[1],
sizeof(port));
memcpy(&mcore->serial_ports[1], &port, sizeof(port));
}
}
}
#endif
Reported by FlawFinder.