The following issues were found
fs/nilfs2/the_nilfs.c
2 issues
Line: 243
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* restore super block with its spare and reconfigure
* relevant states of the nilfs object.
*/
memcpy(sbp[0], sbp[1], nilfs->ns_sbsize);
nilfs->ns_crc_seed = le32_to_cpu(sbp[0]->s_crc_seed);
nilfs->ns_sbwtime = le64_to_cpu(sbp[0]->s_wtime);
/* verify consistency between two super blocks */
blocksize = BLOCK_SIZE << le32_to_cpu(sbp[0]->s_log_block_size);
Reported by FlawFinder.
Line: 428
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int nilfs_valid_sb(struct nilfs_super_block *sbp)
{
static unsigned char sum[4];
const int sumoff = offsetof(struct nilfs_super_block, s_sum);
size_t bytes;
u32 crc;
if (!sbp || le16_to_cpu(sbp->s_magic) != NILFS_SUPER_MAGIC)
Reported by FlawFinder.
fs/notify/fanotify/fanotify.h
2 issues
Line: 128
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
const struct qstr *name)
{
info->name_len = name->len;
strcpy(info->buf + info->dir_fh_totlen + info->file_fh_totlen,
name->name);
}
/*
* Common structure for fanotify events. Concrete structs are allocated in
Reported by FlawFinder.
Line: 178
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__kernel_fsid_t fsid;
struct fanotify_fh object_fh;
/* Reserve space in object_fh.buf[] - access with fanotify_fh_buf() */
unsigned char _inline_fh_buf[FANOTIFY_INLINE_FH_LEN];
};
static inline struct fanotify_fid_event *
FANOTIFY_FE(struct fanotify_event *event)
{
Reported by FlawFinder.
fs/ntfs/aops.c
2 issues
Line: 488
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
addr = kmap_atomic(page);
/* Copy the data to the page. */
memcpy(addr, (u8*)ctx->attr +
le16_to_cpu(ctx->attr->data.resident.value_offset),
attr_len);
/* Zero the remainder of the page. */
memset(addr + attr_len, 0, PAGE_SIZE - attr_len);
flush_dcache_page(page);
Reported by FlawFinder.
Line: 1482
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
addr = kmap_atomic(page);
/* Copy the data from the page to the mft record. */
memcpy((u8*)ctx->attr +
le16_to_cpu(ctx->attr->data.resident.value_offset),
addr, attr_len);
/* Zero out of bounds area in the page cache page. */
memset(addr + attr_len, 0, PAGE_SIZE - attr_len);
kunmap_atomic(addr);
Reported by FlawFinder.
fs/ocfs2/dlm/dlmcommon.h
2 issues
Line: 58
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct o2hb_callback_func mle_hb_up;
struct o2hb_callback_func mle_hb_down;
struct dlm_lock_resource *mleres;
unsigned char mname[DLM_LOCKID_NAME_MAX];
unsigned int mnamelen;
unsigned int mnamehash;
};
enum dlm_ast_type {
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wait_queue_head_t wq;
u8 owner; //node which owns the lock resource, or unknown
u16 state;
char lvb[DLM_LVB_LEN];
unsigned int inflight_locks;
unsigned int inflight_assert_workers;
unsigned long refmap[BITS_TO_LONGS(O2NM_MAX_NODES)];
};
Reported by FlawFinder.
fs/ocfs2/dlm/dlmdebug.c
2 issues
Line: 83
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __dlm_print_one_lock_resource(struct dlm_lock_resource *res)
{
struct dlm_lock *lock;
char buf[DLM_LOCKID_NAME_MAX];
assert_spin_locked(&res->spinlock);
stringify_lockname(res->lockname.name, res->lockname.len,
buf, sizeof(buf));
Reported by FlawFinder.
Line: 242
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define OCFS2_DENTRY_LOCK_INO_START 18
if (*lockname == 'N') {
memcpy((__be64 *)&inode_blkno_be,
(char *)&lockname[OCFS2_DENTRY_LOCK_INO_START],
sizeof(__be64));
out += scnprintf(buf + out, len - out, "%.*s%08x",
OCFS2_DENTRY_LOCK_INO_START - 1, lockname,
(unsigned int)be64_to_cpu(inode_blkno_be));
Reported by FlawFinder.
fs/ocfs2/filecheck.c
2 issues
Line: 243
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ocfs2_filecheck_args_get_long(const char *buf, size_t count,
unsigned long *val)
{
char buffer[OCFS2_FILECHECK_ARGS_LEN];
memcpy(buffer, buf, count);
buffer[count] = '\0';
if (kstrtoul(buffer, 0, val))
Reported by FlawFinder.
Line: 245
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
char buffer[OCFS2_FILECHECK_ARGS_LEN];
memcpy(buffer, buf, count);
buffer[count] = '\0';
if (kstrtoul(buffer, 0, val))
return 1;
Reported by FlawFinder.
fs/ocfs2/move_extents.c
2 issues
Line: 379
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret, i, bits_per_unit = 0;
u64 blkno;
char namebuf[40];
struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
struct buffer_head *ac_bh = NULL, *gd_bh = NULL;
struct ocfs2_chain_list *cl;
struct ocfs2_chain_rec *rec;
Reported by FlawFinder.
Line: 390
Column: 7
CWE codes:
126
ocfs2_sprintf_system_inode_name(namebuf, sizeof(namebuf), type, slot);
ret = ocfs2_lookup_ino_from_name(osb->sys_root_inode, namebuf,
strlen(namebuf), &blkno);
if (ret) {
ret = -ENOENT;
goto out;
}
Reported by FlawFinder.
fs/ocfs2/ocfs2_fs.h
2 issues
Line: 1581
Column: 11
CWE codes:
134
Suggestion:
Use a constant for the format specification
chars = snprintf(buf, len, "%s",
ocfs2_system_inodes[type].si_name);
else
chars = snprintf(buf, len,
ocfs2_system_inodes[type].si_name,
slot);
return chars;
}
Reported by FlawFinder.
Line: 745
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le16 rec_len; /* Directory entry length */
__u8 name_len; /* Name length */
__u8 file_type;
/*0C*/ char name[OCFS2_MAX_FILENAME_LEN]; /* File name */
/* Actual on-disk length specified by rec_len */
} __attribute__ ((packed));
/*
* Per-block record for the unindexed directory btree. This is carefully
Reported by FlawFinder.
fs/ocfs2/quota_global.c
2 issues
Line: 204
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mlog_errno(err);
return err;
}
memcpy(data, bh->b_data + offset, tocopy);
brelse(bh);
offset = 0;
toread -= tocopy;
data += tocopy;
blk++;
Reported by FlawFinder.
Line: 275
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lock_buffer(bh);
if (new)
memset(bh->b_data, 0, sb->s_blocksize);
memcpy(bh->b_data + offset, data, len);
flush_dcache_page(bh->b_page);
set_buffer_uptodate(bh);
unlock_buffer(bh);
ocfs2_set_buffer_uptodate(INODE_CACHE(gqinode), bh);
err = ocfs2_journal_access_dq(handle, INODE_CACHE(gqinode), bh,
Reported by FlawFinder.
fs/ocfs2/sysfile.c
2 issues
Line: 127
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int type,
u32 slot)
{
char namebuf[40];
struct inode *inode = NULL;
u64 blkno;
int status = 0;
ocfs2_sprintf_system_inode_name(namebuf,
Reported by FlawFinder.
Line: 137
Column: 10
CWE codes:
126
type, slot);
status = ocfs2_lookup_ino_from_name(osb->sys_root_inode, namebuf,
strlen(namebuf), &blkno);
if (status < 0) {
goto bail;
}
inode = ocfs2_iget(osb, blkno, OCFS2_FI_FLAG_SYSFILE, type);
Reported by FlawFinder.