The following issues were found
arch/arm64/kvm/vgic/vgic-its.c
2 issues
Line: 2094
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long len = size;
int id = start_id;
gpa_t gpa = base;
char entry[ESZ_MAX];
int ret;
memset(entry, 0, esz);
while (len > 0) {
Reported by FlawFinder.
Line: 2558
Column: 9
CWE codes:
120
20
max_size = GITS_BASER_NR_PAGES(baser) * SZ_64K;
while (read < max_size) {
ret = vgic_its_restore_cte(its, gpa, cte_esz);
if (ret <= 0)
break;
gpa += cte_esz;
read += cte_esz;
Reported by FlawFinder.
arch/csky/abiv1/inc/abi/cacheflush.h
2 issues
Line: 55
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define copy_from_user_page(vma, page, vaddr, dst, src, len) \
do { \
memcpy(dst, src, len); \
} while (0)
#define copy_to_user_page(vma, page, vaddr, dst, src, len) \
do { \
memcpy(dst, src, len); \
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define copy_to_user_page(vma, page, vaddr, dst, src, len) \
do { \
memcpy(dst, src, len); \
cache_wbinv_all(); \
} while (0)
#endif /* __ABI_CSKY_CACHEFLUSH_H */
Reported by FlawFinder.
arch/csky/abiv2/inc/abi/cacheflush.h
2 issues
Line: 43
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define copy_to_user_page(vma, page, vaddr, dst, src, len) \
do { \
memcpy(dst, src, len); \
if (vma->vm_flags & VM_EXEC) { \
dcache_wb_range((unsigned long)dst, \
(unsigned long)dst + len); \
flush_icache_mm_range(current->mm, \
(unsigned long)dst, \
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} \
} while (0)
#define copy_from_user_page(vma, page, vaddr, dst, src, len) \
memcpy(dst, src, len)
#endif /* __ABI_CSKY_CACHEFLUSH_H */
Reported by FlawFinder.
arch/csky/include/asm/page.h
2 issues
Line: 45
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define pfn_valid(pfn) ((pfn) >= ARCH_PFN_OFFSET && ((pfn) - ARCH_PFN_OFFSET) < max_mapnr)
extern void *memset(void *dest, int c, size_t l);
extern void *memcpy(void *to, const void *from, size_t l);
#define clear_page(page) memset((page), 0, PAGE_SIZE)
#define copy_page(to, from) memcpy((to), (from), PAGE_SIZE)
#define page_to_phys(page) (page_to_pfn(page) << PAGE_SHIFT)
Reported by FlawFinder.
Line: 48
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
extern void *memcpy(void *to, const void *from, size_t l);
#define clear_page(page) memset((page), 0, PAGE_SIZE)
#define copy_page(to, from) memcpy((to), (from), PAGE_SIZE)
#define page_to_phys(page) (page_to_pfn(page) << PAGE_SHIFT)
#define phys_to_page(paddr) (pfn_to_page(PFN_DOWN(paddr)))
struct page;
Reported by FlawFinder.
arch/h8300/boot/compressed/misc.c
2 issues
Line: 23
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define STATIC static
#undef memset
#undef memcpy
#define memzero(s, n) memset((s), (0), (n))
extern int _end;
static unsigned long free_mem_ptr;
static unsigned long free_mem_end_ptr;
Reported by FlawFinder.
Line: 54
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return s;
}
void *memcpy(void *dest, const void *src, size_t n)
{
int i;
char *d = (char *)dest, *s = (char *)src;
for (i = 0; i < n; i++)
Reported by FlawFinder.
arch/h8300/kernel/h8300_ksyms.c
2 issues
Line: 20
Column: 18
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
asmlinkage long long __muldi3(long long, long long);
asmlinkage long __mulsi3(long, long);
asmlinkage long __udivsi3(long, long);
asmlinkage void *memcpy(void *, const void *, size_t);
asmlinkage void *memset(void *, int, size_t);
asmlinkage long strncpy_from_user(void *to, void *from, size_t n);
/* gcc lib functions */
EXPORT_SYMBOL(__ucmpdi2);
Reported by FlawFinder.
Line: 35
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
EXPORT_SYMBOL(__muldi3);
EXPORT_SYMBOL(__mulsi3);
EXPORT_SYMBOL(__udivsi3);
EXPORT_SYMBOL(memcpy);
EXPORT_SYMBOL(memset);
EXPORT_SYMBOL(strncpy_from_user);
Reported by FlawFinder.
arch/h8300/kernel/kgdb.c
2 issues
Line: 50
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
default:
if (dbg_reg_def[regno].offset >= 0)
memcpy(mem, (void *)regs + dbg_reg_def[regno].offset,
dbg_reg_def[regno].size);
else
memset(mem, 0, dbg_reg_def[regno].size);
break;
}
Reported by FlawFinder.
Line: 73
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dbg_reg_def[regno].offset) = *(u32 *)mem;
break;
default:
memcpy((void *)regs + dbg_reg_def[regno].offset, mem,
dbg_reg_def[regno].size);
}
return 0;
}
Reported by FlawFinder.
arch/hexagon/include/asm/io.h
2 issues
Line: 182
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void memcpy_fromio(void *dst, const volatile void __iomem *src,
int count)
{
memcpy(dst, (void *) src, count);
}
static inline void memcpy_toio(volatile void __iomem *dst, const void *src,
int count)
{
Reported by FlawFinder.
Line: 188
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void memcpy_toio(volatile void __iomem *dst, const void *src,
int count)
{
memcpy((void *) dst, src, count);
}
static inline void memset_io(volatile void __iomem *addr, int value,
size_t size)
{
Reported by FlawFinder.
arch/hexagon/kernel/setup.c
2 issues
Line: 24
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/vm_mmu.h>
#include <asm/time.h>
char cmd_line[COMMAND_LINE_SIZE];
static char default_command_line[COMMAND_LINE_SIZE] __initdata = CONFIG_CMDLINE;
int on_simulator;
void calibrate_delay(void)
Reported by FlawFinder.
Line: 25
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/time.h>
char cmd_line[COMMAND_LINE_SIZE];
static char default_command_line[COMMAND_LINE_SIZE] __initdata = CONFIG_CMDLINE;
int on_simulator;
void calibrate_delay(void)
{
Reported by FlawFinder.
arch/ia64/hp/common/sba_iommu.c
2 issues
Line: 1656
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
poison_addr = addr;
for ( ; (u64) poison_addr < addr + iovp_size; poison_addr += poison_size)
memcpy(poison_addr, spill_poison, poison_size);
prefetch_spill_page = virt_to_phys(addr);
DBG_INIT("%s() prefetch spill addr: 0x%lx\n", __func__, prefetch_spill_page);
}
Reported by FlawFinder.
Line: 1812
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!ioc->name) {
ioc->name = kmalloc(24, GFP_KERNEL);
if (ioc->name)
sprintf((char *) ioc->name, "Unknown (%04x:%04x)",
ioc->func_id & 0xFFFF, (ioc->func_id >> 16) & 0xFFFF);
else
ioc->name = "Unknown";
}
Reported by FlawFinder.