The following issues were found

fs/9p/vfs_dir.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 130 Column: 35 CWE codes: 126 

              				return -EIO;
			}

			over = !dir_emit(ctx, st.name, strlen(st.name),
					 v9fs_qid2ino(&st.qid), dt_type(&st));
			p9stat_free(&st);
			if (over)
				return 0;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 187 Column: 11 CWE codes: 126 

              			}

			if (!dir_emit(ctx, curdirent.d_name,
				      strlen(curdirent.d_name),
				      v9fs_qid2ino(&curdirent.qid),
				      curdirent.d_type))
				return 0;

			ctx->pos = curdirent.d_off;

Reported by FlawFinder.

fs/adfs/adfs.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 122 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	__u32		size;			/* size			*/
	__u8		attr;			/* RISC OS attributes	*/
	unsigned int	name_len;		/* name length		*/
	char		name[ADFS_MAX_NAME_LEN];/* file name		*/
};

struct adfs_dir_ops {
	int	(*read)(struct super_block *sb, unsigned int indaddr,
			unsigned int size, struct adfs_dir *dir);

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 126 Column: 8 CWE codes: 120 20 

              };

struct adfs_dir_ops {
	int	(*read)(struct super_block *sb, unsigned int indaddr,
			unsigned int size, struct adfs_dir *dir);
	int	(*iterate)(struct adfs_dir *dir, struct dir_context *ctx);
	int	(*setpos)(struct adfs_dir *dir, unsigned int fpos);
	int	(*getnext)(struct adfs_dir *dir, struct object_info *obj);
	int	(*update)(struct adfs_dir *dir, struct object_info *obj);

Reported by FlawFinder.

fs/affs/amigaffs.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 185 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		}
		mark_buffer_dirty_inode(link_bh, inode);

		memcpy(AFFS_TAIL(sb, bh)->name, AFFS_TAIL(sb, link_bh)->name, 32);
		retval = affs_insert_hash(dir, bh);
		if (retval) {
			affs_unlock_dir(dir);
			goto done;
		}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 541 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	u32 len = min(dentry->d_name.len, AFFSNAMEMAX);

	*bstr++ = len;
	memcpy(bstr, dentry->d_name.name, len);
	return len;
}

Reported by FlawFinder.

fs/afs/dir_edit.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 316 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	de->u.hash_next	= 0; // TODO: Really need to maintain this
	de->u.vnode	= htonl(new_fid->vnode);
	de->u.unique	= htonl(new_fid->unique);
	memcpy(de->u.name, name->name, name->len + 1);
	de->u.name[name->len] = 0;

	/* Adjust the bitmap. */
	afs_set_contig_bits(block, slot, need_slots);
	if (page != page0) {

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 138 Column: 9 CWE codes: 126 

              			continue;

		/* The block was NUL-terminated by afs_dir_check_page(). */
		len = strlen(de->u.name);
		if (len == name->len &&
		    memcmp(de->u.name, name->name, name->len) == 0)
			return d;

		n = round_up(12 + len + 1 + 4, AFS_DIR_DIRENT_SIZE);

Reported by FlawFinder.

fs/afs/super.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 469 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (as->dyn_root) {
		inode = afs_iget_pseudo_dir(sb, true);
	} else {
		sprintf(sb->s_id, "%llu", as->volume->vid);
		afs_activate_volume(as->volume);
		inode = afs_root_iget(sb, ctx->key);
	}

	if (IS_ERR(inode))

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 286 Column: 27 CWE codes: 126 

              	}

	ctx->volnamesz = suffix ?
		suffix - ctx->volname : strlen(ctx->volname);

	_debug("cell %*.*s [%p]",
	       cellnamesz, cellnamesz, cellname ?: "", ctx->cell);

	/* lookup the cell record */

Reported by FlawFinder.

fs/autofs/root.c
2 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 562 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              	if (!cp)
		return -ENOMEM;

	strcpy(cp, symname);

	inode = autofs_get_inode(dir->i_sb, S_IFLNK | 0555);
	if (!inode) {
		kfree(cp);
		return -ENOMEM;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 537 Column: 16 CWE codes: 126 

              	struct autofs_info *ino = autofs_dentry_ino(dentry);
	struct autofs_info *p_ino;
	struct inode *inode;
	size_t size = strlen(symname);
	char *cp;

	pr_debug("%s <- %pd\n", symname, dentry);

	if (!autofs_oz_mode(sbi))

Reported by FlawFinder.

fs/befs/linuxvfs.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 224 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	befs_off_t value;
	int result;
	size_t keysize;
	char keybuf[BEFS_NAME_LEN + 1];

	befs_debug(sb, "---> %s name %pD, inode %ld, ctx->pos %lld",
		  __func__, file, inode->i_ino, ctx->pos);

	while (1) {

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 189 Column: 30 CWE codes: 126 

              	/* Convert to UTF-8 */
	if (BEFS_SB(sb)->nls) {
		ret =
		    befs_nls2utf(sb, name, strlen(name), &utfname, &utfnamelen);
		if (ret < 0) {
			befs_debug(sb, "<--- %s ERROR", __func__);
			return ERR_PTR(ret);
		}
		ret = befs_btree_find(sb, ds, utfname, &offset);

Reported by FlawFinder.

fs/bfs/file.c
2 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 20 Column: 23 CWE codes: 134
Suggestion: Use a constant for the format specification 

              #undef DEBUG

#ifdef DEBUG
#define dprintf(x...)	printf(x)
#else
#define dprintf(x...)
#endif

const struct file_operations bfs_file_operations = {

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 42 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!bh)
		return -EIO;
	new = sb_getblk(sb, to);
	memcpy(new->b_data, bh->b_data, bh->b_size);
	mark_buffer_dirty(new);
	bforget(bh);
	brelse(new);
	return 0;
}

Reported by FlawFinder.

fs/binfmt_flat.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 905 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	 */
	struct linux_binprm bprm;
	int res;
	char buf[16];
	loff_t pos = 0;

	memset(&bprm, 0, sizeof(bprm));

	/* Create the file name */

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 911 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	memset(&bprm, 0, sizeof(bprm));

	/* Create the file name */
	sprintf(buf, "/lib/lib%d.so", id);

	/* Open the file up */
	bprm.filename = buf;
	bprm.file = open_exec(bprm.filename);
	res = PTR_ERR(bprm.file);

Reported by FlawFinder.

fs/btrfs/backref.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 747 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              				ret = -ENOMEM;
				goto out;
			}
			memcpy(new_ref, ref, sizeof(*ref));
			new_ref->parent = node->val;
			new_ref->inode_list = unode_aux_to_inode_list(node);
			prelim_ref_insert(fs_info, &preftrees->direct,
					  new_ref, NULL);
		}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2363 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		ret = -ENOENT;
		goto release;
	}
	memcpy(&iter->cur_key, &key, sizeof(key));
	iter->item_ptr = (u32)btrfs_item_ptr_offset(path->nodes[0],
						    path->slots[0]);
	iter->end_ptr = (u32)(iter->item_ptr +
			btrfs_item_size_nr(path->nodes[0], path->slots[0]));
	ei = btrfs_item_ptr(path->nodes[0], path->slots[0],

Reported by FlawFinder.