The following issues were found
arch/arc/kernel/troubleshoot.c
2 issues
Line: 59
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *path_nm = NULL;
struct mm_struct *mm;
struct file *exe_file;
char buf[ARC_PATH_MAX];
mm = get_task_mm(tsk);
if (!mm)
goto done;
Reported by FlawFinder.
Line: 92
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* found
*/
if (vma) {
char buf[ARC_PATH_MAX];
char *nm = "?";
if (vma->vm_file) {
nm = file_path(vma->vm_file, buf, ARC_PATH_MAX-1);
if (IS_ERR(nm))
Reported by FlawFinder.
arch/arc/mm/tlb.c
2 issues
Line: 775
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int n = 0;
struct cpuinfo_arc_mmu *p_mmu = &cpuinfo_arc700[cpu_id].mmu;
char super_pg[64] = "";
if (p_mmu->s_pg_sz_m)
scnprintf(super_pg, 64, "%dM Super Page %s",
p_mmu->s_pg_sz_m,
IS_USED_CFG(CONFIG_TRANSPARENT_HUGEPAGE));
Reported by FlawFinder.
Line: 800
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void arc_mmu_init(void)
{
struct cpuinfo_arc_mmu *mmu = &cpuinfo_arc700[smp_processor_id()].mmu;
char str[256];
int compat = 0;
pr_info("%s", arc_mmu_mumbojumbo(0, str, sizeof(str)));
/*
Reported by FlawFinder.
arch/arm/include/asm/arch_timer.h
2 issues
Line: 27
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* the code. At least it does so with a recent GCC (4.6.3).
*/
static __always_inline
void arch_timer_reg_write_cp15(int access, enum arch_timer_reg reg, u32 val)
{
if (access == ARCH_TIMER_PHYS_ACCESS) {
switch (reg) {
case ARCH_TIMER_REG_CTRL:
asm volatile("mcr p15, 0, %0, c14, c2, 1" : : "r" (val));
Reported by FlawFinder.
Line: 53
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
static __always_inline
u32 arch_timer_reg_read_cp15(int access, enum arch_timer_reg reg)
{
u32 val = 0;
if (access == ARCH_TIMER_PHYS_ACCESS) {
switch (reg) {
Reported by FlawFinder.
arch/arm/include/asm/ecard.h
2 issues
Line: 174
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct in_chunk_dir {
unsigned int start_offset;
union {
unsigned char string[256];
unsigned char data[1];
} d;
};
/*
Reported by FlawFinder.
Line: 175
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int start_offset;
union {
unsigned char string[256];
unsigned char data[1];
} d;
};
/*
* Read a chunk from an expansion card
Reported by FlawFinder.
arch/arm/include/asm/hw_breakpoint.h
2 issues
Line: 13
Column: 3
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
struct arch_hw_breakpoint_ctrl {
u32 __reserved : 9,
mismatch : 1,
: 9,
len : 8,
type : 2,
privilege : 2,
enabled : 1;
Reported by FlawFinder.
Line: 30
Column: 15
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
static inline u32 encode_ctrl_reg(struct arch_hw_breakpoint_ctrl ctrl)
{
return (ctrl.mismatch << 22) | (ctrl.len << 5) | (ctrl.type << 3) |
(ctrl.privilege << 1) | ctrl.enabled;
}
static inline void decode_ctrl_reg(u32 reg,
struct arch_hw_breakpoint_ctrl *ctrl)
Reported by FlawFinder.
arch/arm/include/asm/jump_label.h
2 issues
Line: 19
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
".pushsection __jump_table, \"aw\"\n\t"
".word 1b, %l[l_yes], %c0\n\t"
".popsection\n\t"
: : "i" (&((char *)key)[branch]) : : l_yes);
return false;
l_yes:
return true;
}
Reported by FlawFinder.
Line: 33
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
".pushsection __jump_table, \"aw\"\n\t"
".word 1b, %l[l_yes], %c0\n\t"
".popsection\n\t"
: : "i" (&((char *)key)[branch]) : : l_yes);
return false;
l_yes:
return true;
}
Reported by FlawFinder.
arch/arm/include/asm/string.h
2 issues
Line: 20
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
extern char * strchr(const char * s, int c);
#define __HAVE_ARCH_MEMCPY
extern void * memcpy(void *, const void *, __kernel_size_t);
extern void *__memcpy(void *dest, const void *src, __kernel_size_t n);
#define __HAVE_ARCH_MEMMOVE
extern void * memmove(void *, const void *, __kernel_size_t);
extern void *__memmove(void *dest, const void *src, __kernel_size_t n);
Reported by FlawFinder.
Line: 58
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* these defines kick in.
*/
#if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
#define memcpy(dst, src, len) __memcpy(dst, src, len)
#define memmove(dst, src, len) __memmove(dst, src, len)
#define memset(s, c, n) __memset(s, c, n)
#ifndef __NO_FORTIFY
#define __NO_FORTIFY /* FORTIFY_SOURCE uses __builtin_memcpy, etc. */
Reported by FlawFinder.
arch/arm/include/asm/syscall.h
2 issues
Line: 63
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
args[0] = regs->ARM_ORIG_r0;
args++;
memcpy(args, ®s->ARM_r0 + 1, 5 * sizeof(args[0]));
}
static inline void syscall_set_arguments(struct task_struct *task,
struct pt_regs *regs,
const unsigned long *args)
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
regs->ARM_ORIG_r0 = args[0];
args++;
memcpy(®s->ARM_r0 + 1, args, 5 * sizeof(args[0]));
}
static inline int syscall_get_arch(struct task_struct *task)
{
/* ARM tasks don't change audit architectures on the fly. */
Reported by FlawFinder.
arch/arm/include/asm/uaccess.h
2 issues
Line: 567
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline unsigned long
raw_copy_from_user(void *to, const void __user *from, unsigned long n)
{
memcpy(to, (const void __force *)from, n);
return 0;
}
static inline unsigned long
raw_copy_to_user(void __user *to, const void *from, unsigned long n)
{
Reported by FlawFinder.
Line: 573
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline unsigned long
raw_copy_to_user(void __user *to, const void *from, unsigned long n)
{
memcpy((void __force *)to, from, n);
return 0;
}
#define __clear_user(addr, n) (memset((void __force *)addr, 0, n), 0)
#endif
#define INLINE_COPY_TO_USER
Reported by FlawFinder.
arch/arm/include/asm/user.h
2 issues
Line: 46
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} fpregs[8];
unsigned int fpsr:32;
unsigned int fpcr:32;
unsigned char ftype[8];
unsigned int init_flag;
};
/* When the kernel dumps core, it starts by dumping the user struct -
this will be used by gdb to figure out where the data and stack segments
Reported by FlawFinder.
Line: 74
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long u_ar0; /* Used by gdb to help find the values for */
/* the registers. */
unsigned long magic; /* To uniquely identify a core file */
char u_comm[32]; /* User command that was responsible */
int u_debugreg[8]; /* No longer used */
struct user_fp u_fp; /* FP state */
struct user_fp_struct * u_fp0;/* Used by gdb to help find the values for */
/* the FP registers. */
};
Reported by FlawFinder.