The following issues were found
arch/powerpc/platforms/cell/cbe_thermal.c
3 issues
Line: 98
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
value = spu_read_register_value(dev, &pmd_regs->ts_ctsr1);
return sprintf(buf, "%d\n", reg_to_temp(value));
}
static ssize_t show_throttle(struct cbe_pmd_regs __iomem *pmd_regs, char *buf, int pos)
{
u64 value;
Reported by FlawFinder.
Line: 110
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
value >>= pos;
value &= 0x3F;
return sprintf(buf, "%d\n", reg_to_temp(value));
}
static ssize_t store_throttle(struct cbe_pmd_regs __iomem *pmd_regs, const char *buf, size_t size, int pos)
{
u64 reg_value;
Reported by FlawFinder.
Line: 184
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
value = (value >> pos) & 0x3f;
return sprintf(buf, "%d\n", reg_to_temp(value));
}
/* shows the temperature of the DTS on the PPE,
* located near the linear thermal sensor */
Reported by FlawFinder.
arch/xtensa/platforms/iss/setup.c
3 issues
Line: 78
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
for (i = 1; i < argc; ++i) {
if (i > 1)
strcat(cmdline, " ");
strcat(cmdline, argv[i]);
}
*p_cmdline = cmdline;
}
}
Reported by FlawFinder.
Line: 61
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __init platform_setup(char **p_cmdline)
{
static void *argv[COMMAND_LINE_SIZE / sizeof(void *)] __initdata;
static char cmdline[COMMAND_LINE_SIZE] __initdata;
int argc = simc_argc();
int argv_size = simc_argv_size();
if (argc > 1) {
if (argv_size > sizeof(argv)) {
Reported by FlawFinder.
Line: 77
Column: 6
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
for (i = 1; i < argc; ++i) {
if (i > 1)
strcat(cmdline, " ");
strcat(cmdline, argv[i]);
}
*p_cmdline = cmdline;
}
}
Reported by FlawFinder.
arch/mips/boot/tools/relocs.c
3 issues
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void regex_init(void)
{
char errbuf[128];
int err;
err = regcomp(&sym_regex_c, regex_sym_kernel,
REG_EXTENDED|REG_NOSUB);
Reported by FlawFinder.
Line: 553
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int write_reloc_as_bin(uint32_t v, FILE *f)
{
unsigned char buf[4];
v = cpu_to_elf32(v);
memcpy(buf, &v, sizeof(uint32_t));
return fwrite(buf, 1, 4, f);
Reported by FlawFinder.
Line: 557
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
v = cpu_to_elf32(v);
memcpy(buf, &v, sizeof(uint32_t));
return fwrite(buf, 1, 4, f);
}
static int write_reloc_as_text(uint32_t v, FILE *f)
{
Reported by FlawFinder.
arch/mips/boot/tools/relocs_main.c
3 issues
Line: 19
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
exit(1);
}
static void usage(void)
Reported by FlawFinder.
Line: 35
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fname;
FILE *fp;
int i;
unsigned char e_ident[EI_NIDENT];
show_reloc_info = 0;
as_text = 0;
as_bin = 0;
keep_relocs = 0;
Reported by FlawFinder.
Line: 71
Column: 7
CWE codes:
362
if (!fname)
usage();
fp = fopen(fname, "r+");
if (!fp)
die("Cannot open %s: %s\n", fname, strerror(errno));
if (fread(&e_ident, 1, EI_NIDENT, fp) != EI_NIDENT)
die("Cannot read %s: %s", fname, strerror(errno));
Reported by FlawFinder.
arch/m68k/include/asm/tlbflush.h
3 issues
Line: 111
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Reserved PMEGs. */
extern char sun3_reserved_pmeg[SUN3_PMEGS_NUM];
extern unsigned long pmeg_vaddr[SUN3_PMEGS_NUM];
extern unsigned char pmeg_alloc[SUN3_PMEGS_NUM];
extern unsigned char pmeg_ctx[SUN3_PMEGS_NUM];
/* Flush all userspace mappings one by one... (why no flush command,
Reported by FlawFinder.
Line: 113
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Reserved PMEGs. */
extern char sun3_reserved_pmeg[SUN3_PMEGS_NUM];
extern unsigned long pmeg_vaddr[SUN3_PMEGS_NUM];
extern unsigned char pmeg_alloc[SUN3_PMEGS_NUM];
extern unsigned char pmeg_ctx[SUN3_PMEGS_NUM];
/* Flush all userspace mappings one by one... (why no flush command,
sun?) */
static inline void flush_tlb_all(void)
Reported by FlawFinder.
Line: 114
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern char sun3_reserved_pmeg[SUN3_PMEGS_NUM];
extern unsigned long pmeg_vaddr[SUN3_PMEGS_NUM];
extern unsigned char pmeg_alloc[SUN3_PMEGS_NUM];
extern unsigned char pmeg_ctx[SUN3_PMEGS_NUM];
/* Flush all userspace mappings one by one... (why no flush command,
sun?) */
static inline void flush_tlb_all(void)
{
Reported by FlawFinder.
arch/arm64/kvm/arch_timer.c
3 issues
Line: 318
CWE codes:
908
enum kvm_arch_timers index;
u64 cval, now;
if (!timer_ctx)
return false;
index = arch_timer_ctx_index(timer_ctx);
if (timer_ctx->loaded) {
Reported by Cppcheck.
Line: 1226
CWE codes:
908
else
BUG();
return kvm_timer_should_fire(timer);
}
int kvm_timer_enable(struct kvm_vcpu *vcpu)
{
struct arch_timer_cpu *timer = vcpu_timer(vcpu);
Reported by Cppcheck.
Line: 144
Column: 26
CWE codes:
120
20
u64 kvm_phys_timer_read(void)
{
return timecounter->cc->read(timecounter->cc);
}
static void get_timer_map(struct kvm_vcpu *vcpu, struct timer_map *map)
{
if (has_vhe()) {
Reported by FlawFinder.
arch/m68k/include/asm/string.h
3 issues
Line: 71
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define memset(d, c, n) __builtin_memset(d, c, n)
#define __HAVE_ARCH_MEMCPY
extern void *memcpy(void *, const void *, __kernel_size_t);
#define memcpy(d, s, n) __builtin_memcpy(d, s, n)
#endif /* _M68K_STRING_H_ */
Reported by FlawFinder.
Line: 72
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define __HAVE_ARCH_MEMCPY
extern void *memcpy(void *, const void *, __kernel_size_t);
#define memcpy(d, s, n) __builtin_memcpy(d, s, n)
#endif /* _M68K_STRING_H_ */
Reported by FlawFinder.
Line: 25
Column: 21
CWE codes:
120
}
#define __HAVE_ARCH_STRNCPY
static inline char *strncpy(char *dest, const char *src, size_t n)
{
char *xdest = dest;
asm volatile ("\n"
" jra 2f\n"
Reported by FlawFinder.
arch/mips/cavium-octeon/crypto/octeon-sha512.c
3 issues
Line: 129
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Transform as many times as possible. */
if (len >= part_len) {
memcpy(&sctx->buf[index], data, part_len);
octeon_sha512_transform(sctx->buf);
for (i = part_len; i + SHA512_BLOCK_SIZE <= len;
i += SHA512_BLOCK_SIZE)
octeon_sha512_transform(&data[i]);
Reported by FlawFinder.
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Buffer remaining input. */
memcpy(&sctx->buf[index], &data[i], len - i);
}
static int octeon_sha512_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
Reported by FlawFinder.
Line: 218
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
octeon_sha512_final(desc, D);
memcpy(hash, D, 48);
memzero_explicit(D, 64);
return 0;
}
Reported by FlawFinder.
arch/x86/kvm/svm/svm_ops.h
3 issues
Line: 41
static inline void clgi(void)
{
svm_asm(clgi);
}
static inline void stgi(void)
{
svm_asm(stgi);
Reported by Cppcheck.
Line: 41
static inline void clgi(void)
{
svm_asm(clgi);
}
static inline void stgi(void)
{
svm_asm(stgi);
Reported by Cppcheck.
Line: 41
static inline void clgi(void)
{
svm_asm(clgi);
}
static inline void stgi(void)
{
svm_asm(stgi);
Reported by Cppcheck.
arch/powerpc/kvm/book3s_paired_singles.c
3 issues
Line: 177
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int emulated = EMULATE_FAIL;
int r;
char tmp[8];
int len = sizeof(u32);
if (ls_type == FPU_LS_DOUBLE)
len = sizeof(u64);
Reported by FlawFinder.
Line: 221
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int emulated = EMULATE_FAIL;
int r;
char tmp[8];
u64 val;
int len;
switch (ls_type) {
case FPU_LS_SINGLE:
Reported by FlawFinder.
Line: 273
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* read from memory */
if (w) {
r = kvmppc_ld(vcpu, &addr, sizeof(u32), tmp, true);
memcpy(&tmp[1], &one, sizeof(u32));
} else {
r = kvmppc_ld(vcpu, &addr, sizeof(u32) * 2, tmp, true);
}
vcpu->arch.paddr_accessed = addr;
if (r < 0) {
Reported by FlawFinder.