The following issues were found
fs/fs_types.c
2 issues
Line: 8
Column: 23
CWE codes:
119
120
Suggestion:
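Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is a static const lookup table sized FT_MAX, so it is not a copy destination; what to verify is that every index used to read it is range-checked against FT_MAX.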
/*
* fs on-disk file type to dirent file type conversion
*/
static const unsigned char fs_dtype_by_ftype[FT_MAX] = {
[FT_UNKNOWN] = DT_UNKNOWN,
[FT_REG_FILE] = DT_REG,
[FT_DIR] = DT_DIR,
[FT_CHRDEV] = DT_CHR,
[FT_BLKDEV] = DT_BLK,
Reported by FlawFinder.
Line: 50
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* dirent file type to fs on-disk file type conversion
* Values not initialized explicitly are FT_UNKNOWN (0).
*/
static const unsigned char fs_ftype_by_dtype[DT_MAX] = {
[DT_REG] = FT_REG_FILE,
[DT_DIR] = FT_DIR,
[DT_LNK] = FT_SYMLINK,
[DT_CHR] = FT_CHRDEV,
[DT_BLK] = FT_BLKDEV,
Reported by FlawFinder.
fs/fscache/cookie.c
2 issues
Line: 93
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf = (u32 *)cookie->inline_key;
}
memcpy(buf, index_key, index_key_len);
/* Calculate a hash and combine this with the length in the first word
* or first half word
*/
h = (unsigned long)cookie->parent;
Reported by FlawFinder.
Line: 157
Column: 3
CWE codes:
120
Suggestion:
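Make sure destination can always hold the source data. In the excerpt below, the copy into cookie->inline_aux is preceded by a check that cookie->aux_len <= sizeof(cookie->inline_aux); what remains to confirm is that aux_data really provides aux_len bytes.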
goto nomem;
if (cookie->aux_len <= sizeof(cookie->inline_aux)) {
memcpy(cookie->inline_aux, aux_data, cookie->aux_len);
} else {
cookie->aux = kmemdup(aux_data, cookie->aux_len, GFP_KERNEL);
if (!cookie->aux)
goto nomem;
}
Reported by FlawFinder.
fs/fuse/dev.c
2 issues
Line: 763
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *buf = pgaddr + cs->offset;
if (cs->write)
memcpy(buf, *val, ncpy);
else
memcpy(*val, buf, ncpy);
kunmap_atomic(pgaddr);
*val += ncpy;
Reported by FlawFinder.
Line: 765
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cs->write)
memcpy(buf, *val, ncpy);
else
memcpy(*val, buf, ncpy);
kunmap_atomic(pgaddr);
*val += ncpy;
}
*size -= ncpy;
Reported by FlawFinder.
fs/gfs2/aops.c
2 issues
Line: 457
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kaddr = kmap_atomic(page);
if (dsize > gfs2_max_stuffed_size(ip))
dsize = gfs2_max_stuffed_size(ip);
memcpy(kaddr, dibh->b_data + sizeof(struct gfs2_dinode), dsize);
memset(kaddr + dsize, 0, PAGE_SIZE - dsize);
kunmap_atomic(kaddr);
flush_dcache_page(page);
brelse(dibh);
SetPageUptodate(page);
Reported by FlawFinder.
Line: 530
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (IS_ERR(page))
return PTR_ERR(page);
p = kmap_atomic(page);
memcpy(buf + copied, p + offset, amt);
kunmap_atomic(p);
put_page(page);
copied += amt;
index++;
offset = 0;
Reported by FlawFinder.
fs/gfs2/dir.h
2 issues
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dent->de_name_len = cpu_to_be16(name->len);
dent->de_type = cpu_to_be16(0);
memset(dent->__pad, 0, sizeof(dent->__pad));
memcpy(dent + 1, name->name, name->len);
}
extern struct qstr gfs2_qdot;
extern struct qstr gfs2_qdotdot;
Reported by FlawFinder.
Line: 62
Column: 14
CWE codes:
126
/**
 * gfs2_str2qstr - fill in a qstr from a C string
 * @name: qstr to initialise
 * @fname: source string; its length is taken with strlen(), so it must be
 *         NUL-terminated
 *
 * Stores the @fname pointer itself (no copy is made), the strlen() length,
 * and the gfs2_disk_hash() of those bytes.
 */
static inline void gfs2_str2qstr(struct qstr *name, const char *fname)
{
name->name = fname;
/* strlen() reads until the first NUL; an unterminated fname is read past its end (CWE-126) */
name->len = strlen(fname);
/* hash covers exactly the len bytes measured above */
name->hash = gfs2_disk_hash(name->name, name->len);
}
/* N.B. This probably ought to take inum & type as args as well */
static inline void gfs2_qstr2dirent(const struct qstr *name, u16 reclen, struct gfs2_dirent *dent)
Reported by FlawFinder.
fs/gfs2/util.c
2 issues
Line: 469
Column: 2
CWE codes:
120
Suggestion:
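Use a length-bounded formatter (sprintf_s, snprintf, or vsnprintf). In the excerpt below the destination is sized sizeof(sdp->sd_fsname) + 7, which is exactly enough for "fsid=", the name, ": " and the terminator, provided sd_fsname is NUL-terminated within its own array; triage should confirm that invariant.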
struct gfs2_sbd *sdp = rgd->rd_sbd;
char fs_id_buf[sizeof(sdp->sd_fsname) + 7];
sprintf(fs_id_buf, "fsid=%s: ", sdp->sd_fsname);
gfs2_rgrp_dump(NULL, rgd, fs_id_buf);
gfs2_lm(sdp,
"fatal: filesystem consistency error\n"
" RG = %llu\n"
" function = %s, file = %s, line = %u\n",
Reported by FlawFinder.
Line: 467
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *function, char *file, unsigned int line)
{
struct gfs2_sbd *sdp = rgd->rd_sbd;
char fs_id_buf[sizeof(sdp->sd_fsname) + 7];
sprintf(fs_id_buf, "fsid=%s: ", sdp->sd_fsname);
gfs2_rgrp_dump(NULL, rgd, fs_id_buf);
gfs2_lm(sdp,
"fatal: filesystem consistency error\n"
Reported by FlawFinder.
fs/hfs/dir.c
2 issues
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct inode *inode = file_inode(file);
struct super_block *sb = inode->i_sb;
int len, err;
char strbuf[HFS_MAX_NAMELEN];
union hfs_cat_rec entry;
struct hfs_find_data fd;
struct hfs_readdir_data *rd;
u16 type;
Reported by FlawFinder.
Line: 166
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Can be done after the list insertion; exclusion with
* hfs_delete_cat() is provided by directory lock.
*/
memcpy(&rd->key, &fd.key->cat, sizeof(struct hfs_cat_key));
out:
hfs_find_exit(&fd);
return err;
}
Reported by FlawFinder.
fs/hfs/inode.c
2 issues
Line: 276
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u16 count;
int i;
memcpy(HFS_I(inode)->first_extents, ext, sizeof(hfs_extent_rec));
for (count = 0, i = 0; i < 3; i++)
count += be16_to_cpu(ext[i].count);
HFS_I(inode)->first_blocks = count;
inode->i_size = HFS_I(inode)->phys_size = log_size;
Reported by FlawFinder.
Line: 412
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void hfs_inode_write_fork(struct inode *inode, struct hfs_extent *ext,
__be32 *log_size, __be32 *phys_size)
{
memcpy(ext, HFS_I(inode)->first_extents, sizeof(hfs_extent_rec));
if (log_size)
*log_size = cpu_to_be32(inode->i_size);
if (phys_size)
*phys_size = cpu_to_be32(HFS_I(inode)->alloc_blocks *
Reported by FlawFinder.
fs/hfsplus/attributes.c
2 issues
Line: 123
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
return HFSPLUS_INVALID_ATTR_RECORD;
entry->inline_data.length = cpu_to_be16(len);
memcpy(entry->inline_data.raw_bytes, value, len);
/*
* Align len on two-byte boundary.
* It needs to add pad byte if we have odd len.
*/
len = round_up(len, 2);
Reported by FlawFinder.
Line: 60
Column: 36
CWE codes:
126
if (name) {
int res = hfsplus_asc2uni(sb,
(struct hfsplus_unistr *)&key->attr.key_name,
HFSPLUS_ATTR_MAX_STRLEN, name, strlen(name));
if (res)
return res;
len = be16_to_cpu(key->attr.key_name.length);
} else {
key->attr.key_name.length = 0;
Reported by FlawFinder.
fs/hfsplus/options.c
2 issues
Line: 68
Column: 2
CWE codes:
120
Suggestion:
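Make sure destination can always hold the source data. Here the copy length is the constant 4 and the source span is checked to be exactly 4 bytes first; the size of the buffer behind result is not visible in this excerpt and is what needs confirming.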
{
if (arg->to - arg->from != 4)
return -EINVAL;
memcpy(result, arg->from, 4);
return 0;
}
int hfsplus_parse_options_remount(char *input, int *force)
{
Reported by FlawFinder.
Line: 225
Column: 50
CWE codes:
732
seq_show_option_n(seq, "creator", (char *)&sbi->creator, 4);
if (sbi->type != HFSPLUS_DEF_CR_TYPE)
seq_show_option_n(seq, "type", (char *)&sbi->type, 4);
seq_printf(seq, ",umask=%o,uid=%u,gid=%u", sbi->umask,
from_kuid_munged(&init_user_ns, sbi->uid),
from_kgid_munged(&init_user_ns, sbi->gid));
if (sbi->part >= 0)
seq_printf(seq, ",part=%u", sbi->part);
if (sbi->session >= 0)
Reported by FlawFinder.