The following issues were found
fs/dlm/lockspace.c
2 issues
Line: 481
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ls = kzalloc(sizeof(struct dlm_ls) + namelen, GFP_NOFS);
if (!ls)
goto out;
memcpy(ls->ls_name, name, namelen);
ls->ls_namelen = namelen;
ls->ls_lvblen = lvblen;
ls->ls_count = 0;
ls->ls_flags = 0;
ls->ls_scan_time = jiffies;
Reported by FlawFinder.
Line: 416
Column: 16
CWE codes:
126
struct dlm_ls *ls;
int i, size, error;
int do_unreg = 0;
int namelen = strlen(name);
if (namelen > DLM_LOCKSPACE_LEN || namelen == 0)
return -EINVAL;
if (!lvblen || (lvblen % 8))
Reported by FlawFinder.
fs/dlm/recover.c
2 issues
Line: 804
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (big_lock_exists) {
r->res_lvbseq = lkb->lkb_lvbseq;
memcpy(r->res_lvbptr, lkb->lkb_lvbptr, lvblen);
} else if (high_lkb) {
r->res_lvbseq = high_lkb->lkb_lvbseq;
memcpy(r->res_lvbptr, high_lkb->lkb_lvbptr, lvblen);
} else {
r->res_lvbseq = 0;
Reported by FlawFinder.
Line: 807
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(r->res_lvbptr, lkb->lkb_lvbptr, lvblen);
} else if (high_lkb) {
r->res_lvbseq = high_lkb->lkb_lvbseq;
memcpy(r->res_lvbptr, high_lkb->lkb_lvbptr, lvblen);
} else {
r->res_lvbseq = 0;
memset(r->res_lvbptr, 0, lvblen);
}
out:
Reported by FlawFinder.
fs/ecryptfs/inode.c
2 issues
Line: 476
Column: 9
CWE codes:
126
rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
&encoded_symlen,
mount_crypt_stat, symname,
strlen(symname));
if (rc)
goto out_lock;
rc = vfs_symlink(&init_user_ns, lower_dir, lower_dentry,
encoded_symname);
kfree(encoded_symname);
Reported by FlawFinder.
Line: 651
Column: 15
CWE codes:
126
return ERR_CAST(link);
rc = ecryptfs_decode_and_decrypt_filename(&buf, bufsiz, dentry->d_sb,
link, strlen(link));
do_delayed_call(&done);
if (rc)
return ERR_PTR(rc);
return buf;
Reported by FlawFinder.
fs/efs/symlink.c
2 issues
Line: 32
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bh = sb_bread(inode->i_sb, efs_bmap(inode, 0));
if (!bh)
goto fail;
memcpy(link, bh->b_data, (size > EFS_BLOCKSIZE) ? EFS_BLOCKSIZE : size);
brelse(bh);
if (size > EFS_BLOCKSIZE) {
bh = sb_bread(inode->i_sb, efs_bmap(inode, 1));
if (!bh)
goto fail;
Reported by FlawFinder.
Line: 38
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bh = sb_bread(inode->i_sb, efs_bmap(inode, 1));
if (!bh)
goto fail;
memcpy(link + EFS_BLOCKSIZE, bh->b_data, size - EFS_BLOCKSIZE);
brelse(bh);
}
link[size] = '\0';
SetPageUptodate(page);
unlock_page(page);
Reported by FlawFinder.
fs/erofs/dir.c
2 issues
Line: 13
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
#ifdef CONFIG_EROFS_FS_DEBUG
/* since the on-disk name could not have the trailing '\0' */
unsigned char dbg_namebuf[EROFS_NAME_LEN + 1];
memcpy(dbg_namebuf, de_name, de_namelen);
dbg_namebuf[de_namelen] = '\0';
erofs_dbg("found dirent %s de_len %u d_type %d", dbg_namebuf,
Reported by FlawFinder.
Line: 15
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* since the on-disk name could not have the trailing '\0' */
unsigned char dbg_namebuf[EROFS_NAME_LEN + 1];
memcpy(dbg_namebuf, de_name, de_namelen);
dbg_namebuf[de_namelen] = '\0';
erofs_dbg("found dirent %s de_len %u d_type %d", dbg_namebuf,
de_namelen, d_type);
#endif
Reported by FlawFinder.
fs/erofs/super.c
2 issues
Line: 176
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
ptr = kmap(page);
}
memcpy(buffer + i, ptr + erofs_blkoff(*offset), cnt);
*offset += cnt;
}
out:
kunmap(page);
*pagep = page;
Reported by FlawFinder.
Line: 317
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sbi->build_time = le64_to_cpu(dsb->build_time);
sbi->build_time_nsec = le32_to_cpu(dsb->build_time_nsec);
memcpy(&sb->s_uuid, dsb->uuid, sizeof(dsb->uuid));
ret = strscpy(sbi->volume_name, dsb->volume_name,
sizeof(dsb->volume_name));
if (ret < 0) { /* -E2BIG */
erofs_err(sb, "bad volume name without NIL terminator");
Reported by FlawFinder.
fs/erofs/zdata.c
2 issues
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct z_erofs_pcluster_slab {
struct kmem_cache *slab;
unsigned int maxpages;
char name[48];
};
#define _PCLP(n) { .maxpages = n }
static struct z_erofs_pcluster_slab pcluster_pool[] __read_mostly = {
Reported by FlawFinder.
Line: 51
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pcs < pcluster_pool + ARRAY_SIZE(pcluster_pool); ++pcs) {
size = struct_size(a, compressed_pages, pcs->maxpages);
sprintf(pcs->name, "erofs_pcluster-%u", pcs->maxpages);
pcs->slab = kmem_cache_create(pcs->name, size, 0,
SLAB_RECLAIM_ACCOUNT, NULL);
if (pcs->slab)
continue;
Reported by FlawFinder.
fs/exec.c
2 issues
Line: 636
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -E2BIG;
kaddr = kmap_atomic(page);
flush_arg_page(bprm, pos & PAGE_MASK, page);
memcpy(kaddr + offset_in_page(pos), arg, bytes_to_copy);
flush_kernel_dcache_page(page);
kunmap_atomic(kaddr);
put_arg_page(page);
}
Reported by FlawFinder.
Line: 1210
Column: 2
CWE codes:
120
char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk)
{
task_lock(tsk);
strncpy(buf, tsk->comm, buf_size);
task_unlock(tsk);
return buf;
}
EXPORT_SYMBOL_GPL(__get_task_comm);
Reported by FlawFinder.
fs/exfat/super.c
2 issues
Line: 761
Column: 39
CWE codes:
732
sbi->options.fs_uid = current_uid();
sbi->options.fs_gid = current_gid();
sbi->options.fs_fmask = current->fs->umask;
sbi->options.fs_dmask = current->fs->umask;
sbi->options.allow_utime = -1;
sbi->options.iocharset = exfat_default_iocharset;
sbi->options.errors = EXFAT_ERRORS_RO;
Reported by FlawFinder.
Line: 762
Column: 39
CWE codes:
732
sbi->options.fs_uid = current_uid();
sbi->options.fs_gid = current_gid();
sbi->options.fs_fmask = current->fs->umask;
sbi->options.fs_dmask = current->fs->umask;
sbi->options.allow_utime = -1;
sbi->options.iocharset = exfat_default_iocharset;
sbi->options.errors = EXFAT_ERRORS_RO;
fc->s_fs_info = sbi;
Reported by FlawFinder.
fs/ext2/ext2.h
2 issues
Line: 460
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le32 s_feature_incompat; /* incompatible feature set */
__le32 s_feature_ro_compat; /* readonly-compatible feature set */
__u8 s_uuid[16]; /* 128-bit uuid for volume */
char s_volume_name[16]; /* volume name */
char s_last_mounted[64]; /* directory where last mounted */
__le32 s_algorithm_usage_bitmap; /* For compression */
/*
* Performance hints. Directory preallocation should only
* happen if the EXT2_COMPAT_PREALLOC flag is on.
Reported by FlawFinder.
Line: 461
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le32 s_feature_ro_compat; /* readonly-compatible feature set */
__u8 s_uuid[16]; /* 128-bit uuid for volume */
char s_volume_name[16]; /* volume name */
char s_last_mounted[64]; /* directory where last mounted */
__le32 s_algorithm_usage_bitmap; /* For compression */
/*
* Performance hints. Directory preallocation should only
* happen if the EXT2_COMPAT_PREALLOC flag is on.
*/
Reported by FlawFinder.