The following issues were found
fs/ubifs/compress.c
2 issues
Line: 136
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
no_compr:
memcpy(out_buf, in_buf, in_len);
*out_len = in_len;
*compr_type = UBIFS_COMPR_NONE;
}
/**
Reported by FlawFinder.
Line: 172
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (compr_type == UBIFS_COMPR_NONE) {
memcpy(out_buf, in_buf, in_len);
*out_len = in_len;
return 0;
}
if (compr->decomp_mutex)
Reported by FlawFinder.
fs/ubifs/debug.h
2 issues
Line: 106
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int chk_fs:1;
unsigned int tst_rcvry:1;
char dfs_dir_name[UBIFS_DFS_DIR_LEN + 1];
struct dentry *dfs_dir;
struct dentry *dfs_dump_lprops;
struct dentry *dfs_dump_budg;
struct dentry *dfs_dump_tnc;
struct dentry *dfs_chk_gen;
Reported by FlawFinder.
Line: 163
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DBG_KEY_BUF_LEN 48
#define ubifs_dbg_msg_key(type, key, fmt, ...) do { \
char __tmp_key_buf[DBG_KEY_BUF_LEN]; \
pr_debug("UBIFS DBG " type " (pid %d): " fmt "%s\n", current->pid, \
##__VA_ARGS__, \
dbg_snprintf_key(c, key, __tmp_key_buf, DBG_KEY_BUF_LEN)); \
} while (0)
Reported by FlawFinder.
fs/ubifs/dir.c
2 issues
Line: 1161
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto out_inode;
} else {
memcpy(ui->data, disk_link.name, disk_link.len);
inode->i_link = ui->data;
}
/*
* The terminating zero byte is not written to the flash media and it
Reported by FlawFinder.
Line: 1113
Column: 28
CWE codes:
126
struct ubifs_inode *ui;
struct ubifs_inode *dir_ui = ubifs_inode(dir);
struct ubifs_info *c = dir->i_sb->s_fs_info;
int err, sz_change, len = strlen(symname);
struct fscrypt_str disk_link;
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
.new_ino_d = ALIGN(len, 8),
.dirtied_ino = 1 };
struct fscrypt_name nm;
Reported by FlawFinder.
fs/ubifs/find.c
2 issues
Line: 331
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(ret_lp, lp, sizeof(struct ubifs_lprops));
out:
ubifs_release_lprops(c);
return err;
}
Reported by FlawFinder.
Line: 753
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ubifs_get_lprops(c);
/* Copy the LPROPS_DIRTY_IDX heap */
c->dirty_idx.cnt = c->lpt_heap[LPROPS_DIRTY_IDX - 1].cnt;
memcpy(c->dirty_idx.arr, c->lpt_heap[LPROPS_DIRTY_IDX - 1].arr,
sizeof(void *) * c->dirty_idx.cnt);
/* Sort it so that the dirtiest is now at the end */
sort(c->dirty_idx.arr, c->dirty_idx.cnt, sizeof(void *),
(int (*)(const void *, const void *))cmp_dirty_idx, NULL);
dbg_find("found %d dirty index LEBs", c->dirty_idx.cnt);
Reported by FlawFinder.
fs/ubifs/lprops.c
2 issues
Line: 630
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void ubifs_get_lp_stats(struct ubifs_info *c, struct ubifs_lp_stats *lst)
{
spin_lock(&c->space_lock);
memcpy(lst, &c->lst, sizeof(struct ubifs_lp_stats));
spin_unlock(&c->space_lock);
}
/**
* ubifs_change_one_lp - change LEB properties.
Reported by FlawFinder.
Line: 740
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(lp, lpp, sizeof(struct ubifs_lprops));
out:
ubifs_release_lprops(c);
return err;
}
Reported by FlawFinder.
fs/ubifs/recovery.c
2 issues
Line: 300
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ubifs_msg(c, "recovered master node from LEB %d",
(mst == mst1 ? UBIFS_MST_LNUM : UBIFS_MST_LNUM + 1));
memcpy(c->mst_node, mst, UBIFS_MST_NODE_SZ);
if (c->ro_mount) {
/* Read-only mode. Keep a copy for switching to rw mode */
c->rcvrd_mst_node = kmalloc(sz, GFP_KERNEL);
if (!c->rcvrd_mst_node) {
Reported by FlawFinder.
Line: 309
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = -ENOMEM;
goto out_free;
}
memcpy(c->rcvrd_mst_node, c->mst_node, UBIFS_MST_NODE_SZ);
/*
* We had to recover the master node, which means there was an
* unclean reboot. However, it is possible that the master node
* is clean at this point, i.e., %UBIFS_MST_DIRTY is not set.
Reported by FlawFinder.
fs/ubifs/tnc.c
2 issues
Line: 393
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (zbr->leaf) {
/* Read from the leaf node cache */
ubifs_assert(c, zbr->len != 0);
memcpy(node, zbr->leaf, zbr->len);
return 0;
}
if (c->replaying) {
err = fallible_read_node(c, &zbr->key, zbr, node);
Reported by FlawFinder.
Line: 1671
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rlen = 0;
/* Copy the rest from the write-buffer */
memcpy(buf + rlen, wbuf->buf + offs + rlen - wbuf->offs, len - rlen);
spin_unlock(&wbuf->lock);
if (rlen > 0)
/* Read everything that goes before write-buffer */
return ubifs_leb_read(c, lnum, buf, offs, rlen, 0);
Reported by FlawFinder.
fs/udf/dir.c
2 issues
Line: 156
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
nameptr = copy_name;
memcpy(nameptr, fi->fileIdent + liu,
lfi - poffset);
memcpy(nameptr + lfi - poffset,
fibh.ebh->b_data, poffset);
}
}
Reported by FlawFinder.
Line: 158
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nameptr = copy_name;
memcpy(nameptr, fi->fileIdent + liu,
lfi - poffset);
memcpy(nameptr + lfi - poffset,
fibh.ebh->b_data, poffset);
}
}
if ((cfi.fileCharacteristics & FID_FILE_CHAR_DELETED) != 0) {
Reported by FlawFinder.
fs/udf/file.c
2 issues
Line: 53
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* So just sample it once and use the same value everywhere.
*/
kaddr = kmap_atomic(page);
memcpy(kaddr, iinfo->i_data + iinfo->i_lenEAttr, isize);
memset(kaddr + isize, 0, PAGE_SIZE - isize);
flush_dcache_page(page);
SetPageUptodate(page);
kunmap_atomic(kaddr);
}
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUG_ON(!PageLocked(page));
kaddr = kmap_atomic(page);
memcpy(iinfo->i_data + iinfo->i_lenEAttr, kaddr, i_size_read(inode));
SetPageUptodate(page);
kunmap_atomic(kaddr);
mark_inode_dirty(inode);
unlock_page(page);
Reported by FlawFinder.
fs/udf/unicode.c
2 issues
Line: 262
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
crc[3] = hex_asc_upper_hi(valueCRC);
crc[4] = hex_asc_upper_lo(valueCRC);
len = min_t(int, CRC_LEN, str_max_len - str_o_len);
memcpy(&str_o[str_o_len], crc, len);
str_o_len += len;
ext_o_len = ext_crc_len;
}
if (ext_o_len > 0) {
memcpy(&str_o[str_o_len], ext, ext_o_len);
Reported by FlawFinder.
Line: 267
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ext_o_len = ext_crc_len;
}
if (ext_o_len > 0) {
memcpy(&str_o[str_o_len], ext, ext_o_len);
str_o_len += ext_o_len;
}
}
return str_o_len;
Reported by FlawFinder.