The following issues were found
arch/alpha/kernel/core_wildfire.c
2 issues
Line: 48
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void wildfire_dump_hardware_config(void);
#endif
unsigned char wildfire_hard_qbb_map[WILDFIRE_MAX_QBB];
unsigned char wildfire_soft_qbb_map[WILDFIRE_MAX_QBB];
#define QBB_MAP_EMPTY 0xff
unsigned long wildfire_hard_qbb_mask;
unsigned long wildfire_soft_qbb_mask;
Reported by FlawFinder.
Line: 49
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
unsigned char wildfire_hard_qbb_map[WILDFIRE_MAX_QBB];
unsigned char wildfire_soft_qbb_map[WILDFIRE_MAX_QBB];
#define QBB_MAP_EMPTY 0xff
unsigned long wildfire_hard_qbb_mask;
unsigned long wildfire_soft_qbb_mask;
unsigned long wildfire_gp_mask;
Reported by FlawFinder.
arch/alpha/kernel/srm_env.c
2 issues
Line: 193
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Create all numbered nodes
*/
for (var_num = 0; var_num <= 255; var_num++) {
char name[4];
sprintf(name, "%ld", var_num);
if (!proc_create_data(name, 0644, numbered_dir,
&srm_env_proc_ops, (void *)var_num))
goto cleanup;
}
Reported by FlawFinder.
Line: 194
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
for (var_num = 0; var_num <= 255; var_num++) {
char name[4];
sprintf(name, "%ld", var_num);
if (!proc_create_data(name, 0644, numbered_dir,
&srm_env_proc_ops, (void *)var_num))
goto cleanup;
}
Reported by FlawFinder.
arch/alpha/kernel/sys_rx164.c
2 issues
Line: 150
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rx164_map_irq(const struct pci_dev *dev, u8 slot, u8 pin)
{
#if 0
static char irq_tab_pass1[6][5] __initdata = {
/*INT INTA INTB INTC INTD */
{ 16+3, 16+3, 16+8, 16+13, 16+18}, /* IdSel 5, slot 2 */
{ 16+5, 16+5, 16+10, 16+15, 16+20}, /* IdSel 6, slot 0 */
{ 16+4, 16+4, 16+9, 16+14, 16+19}, /* IdSel 7, slot 1 */
{ -1, -1, -1, -1, -1}, /* IdSel 8, PCI/ISA bridge */
Reported by FlawFinder.
Line: 160
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ 16+1, 16+1, 16+6, 16+11, 16+16}, /* IdSel 10, slot 4 */
};
#else
static char irq_tab[6][5] = {
/*INT INTA INTB INTC INTD */
{ 16+0, 16+0, 16+6, 16+11, 16+16}, /* IdSel 5, slot 0 */
{ 16+1, 16+1, 16+7, 16+12, 16+17}, /* IdSel 6, slot 1 */
{ -1, -1, -1, -1, -1}, /* IdSel 7, PCI/ISA bridge */
{ 16+2, 16+2, 16+8, 16+13, 16+18}, /* IdSel 8, slot 2 */
Reported by FlawFinder.
arch/alpha/kernel/sys_takara.c
2 issues
Line: 161
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
takara_map_irq_srm(const struct pci_dev *dev, u8 slot, u8 pin)
{
static char irq_tab[15][5] = {
{ 16+3, 16+3, 16+3, 16+3, 16+3}, /* slot 6 == device 3 */
{ 16+2, 16+2, 16+2, 16+2, 16+2}, /* slot 7 == device 2 */
{ 16+1, 16+1, 16+1, 16+1, 16+1}, /* slot 8 == device 1 */
{ -1, -1, -1, -1, -1}, /* slot 9 == nothing */
{ -1, -1, -1, -1, -1}, /* slot 10 == nothing */
Reported by FlawFinder.
Line: 192
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init
takara_map_irq(const struct pci_dev *dev, u8 slot, u8 pin)
{
static char irq_tab[15][5] __initdata = {
{ 16+3, 16+3, 16+3, 16+3, 16+3}, /* slot 6 == device 3 */
{ 16+2, 16+2, 16+2, 16+2, 16+2}, /* slot 7 == device 2 */
{ 16+1, 16+1, 16+1, 16+1, 16+1}, /* slot 8 == device 1 */
{ -1, -1, -1, -1, -1}, /* slot 9 == nothing */
{ -1, -1, -1, -1, -1}, /* slot 10 == nothing */
Reported by FlawFinder.
arch/alpha/lib/memcpy.c
2 issues
Line: 153
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DO_REST_ALIGNED_DN(d,s,n);
}
void * memcpy(void * dest, const void *src, size_t n)
{
if (!(((unsigned long) dest ^ (unsigned long) src) & 7)) {
__memcpy_aligned_up ((unsigned long) dest, (unsigned long) src,
n);
return dest;
Reported by FlawFinder.
Line: 163
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__memcpy_unaligned_up ((unsigned long) dest, (unsigned long) src, n);
return dest;
}
EXPORT_SYMBOL(memcpy);
Reported by FlawFinder.
arch/alpha/lib/srm_printk.c
2 issues
Line: 18
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
char *src, *dst;
va_start(args, fmt);
len = vsprintf(buf, fmt, args);
va_end(args);
/* count number of linefeeds in string: */
num_lf = 0;
Reported by FlawFinder.
Line: 12
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long
srm_printk(const char *fmt, ...)
{
static char buf[1024];
va_list args;
long len, num_lf;
char *src, *dst;
va_start(args, fmt);
Reported by FlawFinder.
arch/arc/include/asm/cacheflush.h
2 issues
Line: 109
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define copy_to_user_page(vma, page, vaddr, dst, src, len) \
do { \
memcpy(dst, src, len); \
if (vma->vm_flags & VM_EXEC) \
__sync_icache_dcache((unsigned long)(dst), vaddr, len); \
} while (0)
#define copy_from_user_page(vma, page, vaddr, dst, src, len) \
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} while (0)
#define copy_from_user_page(vma, page, vaddr, dst, src, len) \
memcpy(dst, src, len); \
#endif
Reported by FlawFinder.
arch/arc/include/asm/jump_label.h
2 issues
Line: 40
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
".pushsection __jump_table, \"aw\" \n"
".word 1b, %l[l_yes], %c0 \n"
".popsection \n"
: : "i" (&((char *)key)[branch]) : : l_yes);
return false;
l_yes:
return true;
}
Reported by FlawFinder.
Line: 56
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
".pushsection __jump_table, \"aw\" \n"
".word 1b, %l[l_yes], %c0 \n"
".popsection \n"
: : "i" (&((char *)key)[branch]) : : l_yes);
return false;
l_yes:
return true;
}
Reported by FlawFinder.
arch/arc/kernel/mcip.c
2 issues
Line: 161
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
READ_BCR(ARC_REG_MCIP_BCR, mp);
sprintf(smp_cpuinfo_buf,
"Extn [SMP]\t: ARConnect (v%d): %d cores with %s%s%s%s\n",
mp.ver, mp.num_cores,
IS_AVAIL1(mp.ipi, "IPI "),
IS_AVAIL1(mp.idu, "IDU "),
IS_AVAIL1(mp.dbg, "DEBUG "),
Reported by FlawFinder.
Line: 20
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_SMP
static char smp_cpuinfo_buf[128];
/*
* Set mask to halt GFRC if any online core in SMP cluster is halted.
* Only works for ARC HS v3.0+, on earlier versions has no effect.
*/
Reported by FlawFinder.
arch/arc/kernel/setup.c
2 issues
Line: 270
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct cpuinfo_arc *cpu = &cpuinfo_arc700[cpu_id];
struct bcr_identity *core = &cpu->core;
char mpy_opt[16];
int n = 0;
FIX_PTR(cpu);
n += scnprintf(buf + n, len - n,
Reported by FlawFinder.
Line: 459
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void setup_processor(void)
{
char str[512];
int cpu_id = smp_processor_id();
read_arc_build_cfg_regs();
arc_init_IRQ();
Reported by FlawFinder.