The following issues were found
security/tomoyo/mount.c
2 issues
Line: 94
CWE codes:
562
int need_dev = 0;
int error = -ENOMEM;
r->obj = &obj;
/* Get fstype. */
requested_type = tomoyo_encode(type);
if (!requested_type)
goto out;
Reported by Cppcheck.
Line: 13
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "common.h"
/* String table for special mount operations. */
static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = {
[TOMOYO_MOUNT_BIND] = "--bind",
[TOMOYO_MOUNT_MOVE] = "--move",
[TOMOYO_MOUNT_REMOUNT] = "--remount",
[TOMOYO_MOUNT_MAKE_UNBINDABLE] = "--make-unbindable",
[TOMOYO_MOUNT_MAKE_PRIVATE] = "--make-private",
Reported by FlawFinder.
samples/bpf/xdp_fwd_kern.c
2 issues
Line: 138
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (h_proto == htons(ETH_P_IPV6))
ip6h->hop_limit--;
memcpy(eth->h_dest, fib_params.dmac, ETH_ALEN);
memcpy(eth->h_source, fib_params.smac, ETH_ALEN);
return bpf_redirect_map(&xdp_tx_ports, fib_params.ifindex, 0);
}
return XDP_PASS;
Reported by FlawFinder.
Line: 139
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ip6h->hop_limit--;
memcpy(eth->h_dest, fib_params.dmac, ETH_ALEN);
memcpy(eth->h_source, fib_params.smac, ETH_ALEN);
return bpf_redirect_map(&xdp_tx_ports, fib_params.ifindex, 0);
}
return XDP_PASS;
}
Reported by FlawFinder.
samples/bpf/xdp_adjust_tail_kern.c
2 issues
Line: 53
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct ethhdr *eth;
eth = data;
memcpy(eth->h_source, orig_eth->h_dest, ETH_ALEN);
memcpy(eth->h_dest, orig_eth->h_source, ETH_ALEN);
eth->h_proto = orig_eth->h_proto;
}
static __always_inline __u16 csum_fold_helper(__u32 csum)
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eth = data;
memcpy(eth->h_source, orig_eth->h_dest, ETH_ALEN);
memcpy(eth->h_dest, orig_eth->h_source, ETH_ALEN);
eth->h_proto = orig_eth->h_proto;
}
static __always_inline __u16 csum_fold_helper(__u32 csum)
{
Reported by FlawFinder.
sound/ac97_bus.c
2 issues
Line: 29
Column: 29
CWE codes:
120
20
static bool snd_ac97_check_id(struct snd_ac97 *ac97, unsigned int id,
unsigned int id_mask)
{
ac97->id = ac97->bus->ops->read(ac97, AC97_VENDOR_ID1) << 16;
ac97->id |= ac97->bus->ops->read(ac97, AC97_VENDOR_ID2);
if (ac97->id == 0x0 || ac97->id == 0xffffffff)
return false;
Reported by FlawFinder.
Line: 30
Column: 30
CWE codes:
120
20
unsigned int id_mask)
{
ac97->id = ac97->bus->ops->read(ac97, AC97_VENDOR_ID1) << 16;
ac97->id |= ac97->bus->ops->read(ac97, AC97_VENDOR_ID2);
if (ac97->id == 0x0 || ac97->id == 0xffffffff)
return false;
if (id != 0 && id != (ac97->id & id_mask))
Reported by FlawFinder.
sound/aoa/aoa.h
2 issues
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MAX_CODEC_NAME_LEN 32
struct aoa_codec {
char name[MAX_CODEC_NAME_LEN];
struct module *owner;
/* called when the fabric wants to init this codec.
* Do alsa card manipulations from here. */
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MAX_LAYOUT_NAME_LEN 32
struct aoa_fabric {
char name[MAX_LAYOUT_NAME_LEN];
struct module *owner;
/* once codecs register, they are passed here after.
* They are of course not initialised, since the
Reported by FlawFinder.
sound/aoa/soundbus/i2sbus/core.c
2 issues
Line: 236
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (i = aoa_resource_i2smmio; i <= aoa_resource_rxdbdma; i++) {
dev->interrupts[i] = -1;
snprintf(dev->rnames[i], sizeof(dev->rnames[i]),
rnames[i], np);
}
for (i = aoa_resource_i2smmio; i <= aoa_resource_rxdbdma; i++) {
int irq = irq_of_parse_and_map(np, i);
if (request_irq(irq, ints[i], 0, dev->rnames[i], dev))
Reported by FlawFinder.
Line: 159
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_node *child, *sound = NULL;
struct resource *r;
int i, layout = 0, rlen, ok = force;
char node_name[6];
static const char *rnames[] = { "i2sbus: %pOFn (control)",
"i2sbus: %pOFn (tx)",
"i2sbus: %pOFn (rx)" };
static const irq_handler_t ints[] = {
i2sbus_bus_intr,
Reported by FlawFinder.
sound/aoa/soundbus/i2sbus/pcm.c
2 issues
Line: 202
Column: 19
CWE codes:
362
goto out_unlock;
}
list_for_each_entry(cii, &sdev->codec_list, list) {
if (cii->codec->open) {
err = cii->codec->open(cii, pi->substream);
if (err) {
result = err;
/* unwind */
found_this = 0;
Reported by FlawFinder.
Line: 203
Column: 22
CWE codes:
362
}
list_for_each_entry(cii, &sdev->codec_list, list) {
if (cii->codec->open) {
err = cii->codec->open(cii, pi->substream);
if (err) {
result = err;
/* unwind */
found_this = 0;
list_for_each_entry_reverse(rev,
Reported by FlawFinder.
sound/aoa/soundbus/soundbus.h
2 issues
Line: 105
Column: 8
CWE codes:
362
/* called when pcm stream is opened, probably not implemented
* most of the time since it isn't too useful */
int (*open)(struct codec_info_item *cii,
struct snd_pcm_substream *substream);
/* called when the pcm stream is closed, at this point
* the user choices can all be unlocked (see below) */
int (*close)(struct codec_info_item *cii,
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct platform_device ofdev;
/* what modules go by */
char modalias[32];
/* These fields must be before attach_codec can be called.
* They should be set by the owner of the alsa card object
* that is needed, and whoever sets them must make sure
* that they are unique within that alsa card object. */
Reported by FlawFinder.
samples/bpf/xdp1_user.c
2 issues
Line: 94
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
char filename[256];
int err;
while ((opt = getopt(argc, argv, optstr)) != -1) {
switch (opt) {
case 'S':
xdp_flags |= XDP_FLAGS_SKB_MODE;
break;
case 'N':
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int prog_fd, map_fd, opt;
struct bpf_object *obj;
struct bpf_map *map;
char filename[256];
int err;
while ((opt = getopt(argc, argv, optstr)) != -1) {
switch (opt) {
case 'S':
Reported by FlawFinder.
sound/core/ctljack.c
2 issues
Line: 58
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (count >= 5)
need_cat = strncmp(&src_name[count - 5], " Jack", 5) ? true : false;
snprintf(name, size, need_cat ? "%s Jack" : "%s", src_name);
}
struct snd_kcontrol *
snd_kctl_jack_new(const char *name, struct snd_card *card)
Reported by FlawFinder.
Line: 51
Column: 17
CWE codes:
126
static void jack_kctl_name_gen(char *name, const char *src_name, int size)
{
size_t count = strlen(src_name);
bool need_cat = true;
/* remove redundant " Jack" from src_name */
if (count >= 5)
need_cat = strncmp(&src_name[count - 5], " Jack", 5) ? true : false;
Reported by FlawFinder.