The following issues were found
fs/xfs/xfs_bmap_item.c
2 issues
Line: 585
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
set_bit(XFS_LI_DIRTY, &budp->bud_item.li_flags);
buip = xfs_bui_init(tp->t_mountp);
memcpy(buip->bui_format.bui_extents, extp, count * sizeof(*extp));
atomic_set(&buip->bui_next_extent, count);
xfs_trans_add_item(tp, &buip->bui_item);
set_bit(XFS_LI_DIRTY, &buip->bui_item.li_flags);
return &buip->bui_item;
}
Reported by FlawFinder.
Line: 619
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = xfs_bui_log_format_sizeof(src_bui_fmt->bui_nextents);
if (buf->i_len == len) {
memcpy(dst_bui_fmt, src_bui_fmt, len);
return 0;
}
XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, NULL);
return -EFSCORRUPTED;
}
Reported by FlawFinder.
fs/xfs/xfs_inode_item_recover.c
2 issues
Line: 409
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (fields & XFS_ILOG_DFORK) {
case XFS_ILOG_DDATA:
case XFS_ILOG_DEXT:
memcpy(XFS_DFORK_DPTR(dip), src, len);
break;
case XFS_ILOG_DBROOT:
xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len,
(struct xfs_bmdr_block *)XFS_DFORK_DPTR(dip),
Reported by FlawFinder.
Line: 446
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case XFS_ILOG_AEXT:
dest = XFS_DFORK_APTR(dip);
ASSERT(len <= XFS_DFORK_ASIZE(dip, mp));
memcpy(dest, src, len);
break;
case XFS_ILOG_ABROOT:
dest = XFS_DFORK_APTR(dip);
xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src,
Reported by FlawFinder.
fs/xfs/xfs_log.c
2 issues
Line: 1506
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
head->h_size = cpu_to_be32(log->l_iclog_size);
/* new fields */
head->h_fmt = cpu_to_be32(XLOG_FMT);
memcpy(&head->h_fs_uuid, &mp->m_sb.sb_uuid, sizeof(uuid_t));
iclog->ic_size = log->l_iclog_size - log->l_iclog_hsize;
iclog->ic_state = XLOG_STATE_ACTIVE;
iclog->ic_log = log;
atomic_set(&iclog->ic_refcnt, 0);
Reported by FlawFinder.
Line: 2508
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
ASSERT(copy_len >= 0);
if (copy_len > 0) {
memcpy(ptr, reg->i_addr + copy_off, copy_len);
xlog_write_adv_cnt(&ptr, &len, &log_offset,
copy_len);
}
copy_len += sizeof(struct xlog_op_header);
record_cnt++;
Reported by FlawFinder.
fs/xfs/xfs_refcount_item.c
2 issues
Line: 592
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
set_bit(XFS_LI_DIRTY, &cudp->cud_item.li_flags);
cuip = xfs_cui_init(tp->t_mountp, count);
memcpy(cuip->cui_format.cui_extents, extp, count * sizeof(*extp));
atomic_set(&cuip->cui_next_extent, count);
xfs_trans_add_item(tp, &cuip->cui_item);
set_bit(XFS_LI_DIRTY, &cuip->cui_item.li_flags);
return &cuip->cui_item;
}
Reported by FlawFinder.
Line: 626
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = xfs_cui_log_format_sizeof(src_cui_fmt->cui_nextents);
if (buf->i_len == len) {
memcpy(dst_cui_fmt, src_cui_fmt, len);
return 0;
}
XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, NULL);
return -EFSCORRUPTED;
}
Reported by FlawFinder.
fs/xfs/xfs_rmap_item.c
2 issues
Line: 177
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EFSCORRUPTED;
}
memcpy(dst_rui_fmt, src_rui_fmt, len);
return 0;
}
static inline struct xfs_rud_log_item *RUD_ITEM(struct xfs_log_item *lip)
{
Reported by FlawFinder.
Line: 622
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
set_bit(XFS_LI_DIRTY, &rudp->rud_item.li_flags);
ruip = xfs_rui_init(tp->t_mountp, count);
memcpy(ruip->rui_format.rui_extents, extp, count * sizeof(*extp));
atomic_set(&ruip->rui_next_extent, count);
xfs_trans_add_item(tp, &ruip->rui_item);
set_bit(XFS_LI_DIRTY, &ruip->rui_item.li_flags);
return &ruip->rui_item;
}
Reported by FlawFinder.
include/acpi/actypes.h
2 issues
Line: 528
Column: 42
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Support for the special RSDP signature (8 characters) */
#define ACPI_VALIDATE_RSDP_SIG(a) (!strncmp (ACPI_CAST_PTR (char, (a)), ACPI_SIG_RSDP, 8))
#define ACPI_MAKE_RSDP_SIG(dest) (memcpy (ACPI_CAST_PTR (char, (dest)), ACPI_SIG_RSDP, 8))
/* Support for OEMx signature (x can be any character) */
#define ACPI_IS_OEM_SIG(a) (!strncmp (ACPI_CAST_PTR (char, (a)), ACPI_OEM_NAME, 3) &&\
strnlen (a, ACPI_NAMESEG_SIZE) == ACPI_NAMESEG_SIZE)
Reported by FlawFinder.
Line: 522
Column: 42
CWE codes:
120
#define ACPI_COPY_NAMESEG(dest,src) (*ACPI_CAST_PTR (u32, (dest)) = *ACPI_CAST_PTR (u32, (src)))
#else
#define ACPI_COMPARE_NAMESEG(a,b) (!strncmp (ACPI_CAST_PTR (char, (a)), ACPI_CAST_PTR (char, (b)), ACPI_NAMESEG_SIZE))
#define ACPI_COPY_NAMESEG(dest,src) (strncpy (ACPI_CAST_PTR (char, (dest)), ACPI_CAST_PTR (char, (src)), ACPI_NAMESEG_SIZE))
#endif
/* Support for the special RSDP signature (8 characters) */
#define ACPI_VALIDATE_RSDP_SIG(a) (!strncmp (ACPI_CAST_PTR (char, (a)), ACPI_SIG_RSDP, 8))
Reported by FlawFinder.
include/acpi/processor.h
2 issues
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 index;
u32 latency;
u8 bm_sts_skip;
char desc[ACPI_CX_DESC_LEN];
};
struct acpi_lpi_state {
u32 min_residency;
u32 wake_latency; /* worst case */
Reported by FlawFinder.
Line: 84
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 address;
u8 index;
u8 entry_method;
char desc[ACPI_CX_DESC_LEN];
};
struct acpi_processor_power {
int count;
union {
Reported by FlawFinder.
drivers/video/fbdev/pm3fb.c
2 issues
Line: 400
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vxres = info->var.xres_virtual;
vyres = info->var.yres_virtual;
memcpy(&modded, region, sizeof(struct fb_fillrect));
if (!modded.width || !modded.height ||
modded.dx >= vxres || modded.dy >= vyres)
return;
Reported by FlawFinder.
Line: 454
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(&modded, area, sizeof(struct fb_copyarea));
vxres = info->var.xres_virtual;
vyres = info->var.yres_virtual;
if (!modded.width || !modded.height ||
Reported by FlawFinder.
include/asm-generic/cacheflush.h
2 issues
Line: 108
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifndef copy_to_user_page
#define copy_to_user_page(vma, page, vaddr, dst, src, len) \
do { \
memcpy(dst, src, len); \
flush_icache_user_page(vma, page, vaddr, len); \
} while (0)
#endif
#ifndef copy_from_user_page
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifndef copy_from_user_page
#define copy_from_user_page(vma, page, vaddr, dst, src, len) \
memcpy(dst, src, len)
#endif
#endif /* _ASM_GENERIC_CACHEFLUSH_H */
Reported by FlawFinder.
include/asm-generic/io.h
2 issues
Line: 1127
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const volatile void __iomem *addr,
size_t size)
{
memcpy(buffer, __io_virt(addr), size);
}
#endif
#ifndef memcpy_toio
#define memcpy_toio memcpy_toio
Reported by FlawFinder.
Line: 1144
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void memcpy_toio(volatile void __iomem *addr, const void *buffer,
size_t size)
{
memcpy(__io_virt(addr), buffer, size);
}
#endif
#ifndef CONFIG_GENERIC_DEVMEM_IS_ALLOWED
extern int devmem_is_allowed(unsigned long pfn);
Reported by FlawFinder.