The following issues were found
net/sunrpc/xprtrdma/svc_rdma_sendto.c
3 issues
Line: 684
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct page **ppages;
if (xdr->head[0].iov_len) {
memcpy(args->pd_dest, xdr->head[0].iov_base, xdr->head[0].iov_len);
args->pd_dest += xdr->head[0].iov_len;
}
ppages = xdr->pages + (xdr->page_base >> PAGE_SHIFT);
pageoff = offset_in_page(xdr->page_base);
Reported by FlawFinder.
Line: 693
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
remaining = xdr->page_len;
while (remaining) {
len = min_t(u32, PAGE_SIZE - pageoff, remaining);
memcpy(args->pd_dest, page_address(*ppages) + pageoff, len);
remaining -= len;
args->pd_dest += len;
pageoff = 0;
ppages++;
}
Reported by FlawFinder.
Line: 701
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (xdr->tail[0].iov_len) {
memcpy(args->pd_dest, xdr->tail[0].iov_base, xdr->tail[0].iov_len);
args->pd_dest += xdr->tail[0].iov_len;
}
args->pd_length += xdr->len;
return 0;
Reported by FlawFinder.
security/selinux/ss/policydb.h
3 issues
Line: 254
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define p_cats symtab[SYM_CATS]
/* symbol names indexed by (value - 1) */
char **sym_val_to_name[SYM_NUM];
/* class, role, and user attributes indexed by (value - 1) */
struct class_datum **class_val_to_struct;
struct role_datum **role_val_to_struct;
struct user_datum **user_val_to_struct;
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (bytes > fp->len)
return -EINVAL;
memcpy(buf, fp->data, bytes);
fp->data += bytes;
fp->len -= bytes;
return 0;
}
Reported by FlawFinder.
Line: 373
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
size_t len = bytes * num;
memcpy(fp->data, buf, len);
fp->data += len;
fp->len -= len;
return 0;
}
Reported by FlawFinder.
scripts/kconfig/menu.c
3 issues
Line: 27
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
va_start(ap, fmt);
fprintf(stderr, "%s:%d:warning: ", menu->file->name, menu->lineno);
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
static void prop_warn(struct property *prop, const char *fmt, ...)
Reported by FlawFinder.
Line: 37
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
va_start(ap, fmt);
fprintf(stderr, "%s:%d:warning: ", prop->file->name, prop->lineno);
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
void _menu_init(void)
Reported by FlawFinder.
Line: 766
Column: 20
CWE codes:
126
for (j = 4; --i >= 0; j += 2) {
menu = submenu[i];
if (jump && menu == location)
jump->offset = strlen(r->s);
str_printf(r, "%*c-> %s", j, ' ',
menu_get_prompt(menu));
if (menu->sym) {
str_printf(r, " (%s [=%s])", menu->sym->name ?
menu->sym->name : "<choice>",
Reported by FlawFinder.
sound/usb/6fire/pcm.c
3 issues
Line: 225
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src++; /* skip leading 4 bytes of every packet */
total_length += urb->packets[i].length;
for (frame = 0; frame < frame_count; frame++) {
memcpy(dest, src, bytes_per_frame);
dest += alsa_rt->channels;
src += rt->in_n_analog;
sub->dma_off++;
sub->period_off++;
if (dest == dest_end) {
Reported by FlawFinder.
Line: 273
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frame_count = 0;
dest++; /* skip leading 4 bytes of every frame */
for (frame = 0; frame < frame_count; frame++) {
memcpy(dest, src, bytes_per_frame);
src += alsa_rt->channels;
dest += rt->out_n_analog;
sub->dma_off++;
sub->period_off++;
if (src == src_end) {
Reported by FlawFinder.
Line: 643
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
pcm->private_data = rt;
strcpy(pcm->name, "DMX 6Fire USB");
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &pcm_ops);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &pcm_ops);
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_VMALLOC, NULL, 0, 0);
rt->instance = pcm;
Reported by FlawFinder.
security/keys/key.c
3 issues
Line: 247
Column: 12
CWE codes:
126
}
}
desclen = strlen(desc);
quotalen = desclen + 1 + type->def_datalen;
/* get hold of the key tracking for this user */
user = key_user_lookup(uid);
if (!user)
Reported by FlawFinder.
Line: 877
Column: 23
CWE codes:
126
if (!index_key.description)
goto error_free_prep;
}
index_key.desc_len = strlen(index_key.description);
key_set_index_key(&index_key);
ret = __key_link_lock(keyring, &index_key);
if (ret < 0) {
key_ref = ERR_PTR(ret);
Reported by FlawFinder.
Line: 924
Column: 23
CWE codes:
120
20
perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
perm |= KEY_USR_VIEW;
if (index_key.type->read)
perm |= KEY_POS_READ;
if (index_key.type == &key_type_keyring ||
index_key.type->update)
perm |= KEY_POS_WRITE;
Reported by FlawFinder.
sound/soc/fsl/mpc8610_hpcd.c
3 issues
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int ssi_id; /* 0 = SSI1, 1 = SSI2, etc */
unsigned int dma_id[2]; /* 0 = DMA1, 1 = DMA2, etc */
unsigned int dma_channel_id[2]; /* 0 = ch 0, 1 = ch 1, etc*/
char codec_dai_name[DAI_NAME_SIZE];
char platform_name[2][DAI_NAME_SIZE]; /* One for each DMA channel */
};
/**
* mpc8610_hpcd_machine_probe: initialize the board
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int dma_id[2]; /* 0 = DMA1, 1 = DMA2, etc */
unsigned int dma_channel_id[2]; /* 0 = ch 0, 1 = ch 1, etc*/
char codec_dai_name[DAI_NAME_SIZE];
char platform_name[2][DAI_NAME_SIZE]; /* One for each DMA channel */
};
/**
* mpc8610_hpcd_machine_probe: initialize the board
*
Reported by FlawFinder.
Line: 245
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* capture. Currently, we only support codecs that have one DAI for
* both playback and capture.
*/
memcpy(&machine_data->dai[1], &machine_data->dai[0],
sizeof(struct snd_soc_dai_link));
/* Get the device ID */
iprop = of_get_property(np, "cell-index", NULL);
if (!iprop) {
Reported by FlawFinder.
sound/pci/hda/patch_realtek.c
3 issues
Line: 2099
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
kctl = snd_hda_find_mixer_ctl(codec, oldname);
if (kctl)
strcpy(kctl->id.name, newname);
}
static void alc1220_fixup_gb_dual_codecs(struct hda_codec *codec,
const struct hda_fixup *fix,
int action)
Reported by FlawFinder.
Line: 2110
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
switch (action) {
case HDA_FIXUP_ACT_PRE_PROBE:
/* override card longname to provide a unique UCM profile */
strcpy(codec->card->longname, "HDAudio-Gigabyte-ALC1220DualCodecs");
break;
case HDA_FIXUP_ACT_BUILD:
/* rename Capture controls depending on the codec */
rename_ctl(codec, "Capture Volume",
codec->addr == 0 ?
Reported by FlawFinder.
Line: 6205
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
switch (action) {
case HDA_FIXUP_ACT_PRE_PROBE:
/* override card longname to provide a unique UCM profile */
strcpy(codec->card->longname, "HDAudio-Lenovo-DualCodecs");
break;
case HDA_FIXUP_ACT_BUILD:
/* rename Capture controls depending on the codec */
rename_ctl(codec, "Capture Volume",
codec->addr == 0 ?
Reported by FlawFinder.
sound/synth/emux/emux_oss.c
3 issues
Line: 63
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return;
emu->oss_synth = dev;
strcpy(dev->name, emu->name);
arg = SNDRV_SEQ_DEVICE_ARGPTR(dev);
arg->type = SYNTH_TYPE_SAMPLE;
arg->subtype = SAMPLE_TYPE_AWE32;
arg->nvoices = emu->max_voices;
arg->oper = oss_callback;
Reported by FlawFinder.
Line: 114
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
callback.owner = THIS_MODULE;
callback.event_input = snd_emux_event_oss_input;
sprintf(tmpname, "%s OSS Port", emu->name);
p = snd_emux_create_port(emu, tmpname, 32,
1, &callback);
if (p == NULL) {
snd_printk(KERN_ERR "can't create port\n");
snd_emux_dec_count(emu);
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_emux *emu;
struct snd_emux_port *p;
struct snd_seq_port_callback callback;
char tmpname[64];
emu = closure;
if (snd_BUG_ON(!arg || !emu))
return -ENXIO;
Reported by FlawFinder.
samples/hidraw/hid-example.c
3 issues
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int fd;
int i, res, desc_size = 0;
char buf[256];
struct hidraw_report_descriptor rpt_desc;
struct hidraw_devinfo info;
char *device = "/dev/hidraw0";
if (argc > 1)
Reported by FlawFinder.
Line: 57
Column: 7
CWE codes:
362
/* Open the Device with non-blocking reads. In real life,
don't use a hard coded path; use libudev instead. */
fd = open(device, O_RDWR|O_NONBLOCK);
if (fd < 0) {
perror("Unable to open device");
return 1;
}
Reported by FlawFinder.
Line: 149
Column: 8
CWE codes:
120
20
}
/* Get a report from the device */
res = read(fd, buf, 16);
if (res < 0) {
perror("read");
} else {
printf("read() read %d bytes:\n\t", res);
for (i = 0; i < res; i++)
Reported by FlawFinder.
net/sctp/associola.c
3 issues
Line: 265
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Save the hmacs and chunks list into this association */
if (ep->auth_hmacs_list)
memcpy(asoc->c.auth_hmacs, ep->auth_hmacs_list,
ntohs(ep->auth_hmacs_list->param_hdr.length));
if (ep->auth_chunk_list)
memcpy(asoc->c.auth_chunks, ep->auth_chunk_list,
ntohs(ep->auth_chunk_list->param_hdr.length));
Reported by FlawFinder.
Line: 268
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(asoc->c.auth_hmacs, ep->auth_hmacs_list,
ntohs(ep->auth_hmacs_list->param_hdr.length));
if (ep->auth_chunk_list)
memcpy(asoc->c.auth_chunks, ep->auth_chunk_list,
ntohs(ep->auth_chunk_list->param_hdr.length));
/* Get the AUTH random number for this association */
p = (struct sctp_paramhdr *)asoc->c.auth_random;
p->type = SCTP_PARAM_RANDOM;
Reported by FlawFinder.
Line: 442
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SCTP_ADDR_MADE_PRIM, 0);
/* Set a default msg_name for events. */
memcpy(&asoc->peer.primary_addr, &transport->ipaddr,
sizeof(union sctp_addr));
/* If the primary path is changing, assume that the
* user wants to use this new path.
*/
Reported by FlawFinder.