The following issues were found
arch/nios2/mm/init.c
2 issues
Line: 89
CWE codes:
570
static int alloc_kuser_page(void)
{
extern char __kuser_helper_start[], __kuser_helper_end[];
int kuser_sz = __kuser_helper_end - __kuser_helper_start;
unsigned long vpage;
vpage = get_zeroed_page(GFP_ATOMIC);
if (!vpage)
return -ENOMEM;
Reported by Cppcheck.
Line: 97
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
/* Copy kuser helpers */
memcpy((void *)vpage, __kuser_helper_start, kuser_sz);
flush_icache_range(vpage, vpage + KUSER_SIZE);
kuser_page[0] = virt_to_page(vpage);
return 0;
Reported by FlawFinder.
arch/openrisc/include/asm/syscall.h
2 issues
Line: 57
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
syscall_get_arguments(struct task_struct *task, struct pt_regs *regs,
unsigned long *args)
{
memcpy(args, ®s->gpr[3], 6 * sizeof(args[0]));
}
static inline void
syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
const unsigned long *args)
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
const unsigned long *args)
{
memcpy(®s->gpr[3], args, 6 * sizeof(args[0]));
}
static inline int syscall_get_arch(struct task_struct *task)
{
return AUDIT_ARCH_OPENRISC;
Reported by FlawFinder.
arch/parisc/include/asm/barrier.h
2 issues
Line: 36
Column: 35
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define __smp_store_release(p, v) \
do { \
typeof(p) __p = (p); \
union { typeof(*p) __val; char __c[1]; } __u = \
{ .__val = (__force typeof(*p)) (v) }; \
compiletime_assert_atomic_type(*p); \
switch (sizeof(*p)) { \
case 1: \
asm volatile("stb,ma %0,0(%1)" \
Reported by FlawFinder.
Line: 66
Column: 28
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define __smp_load_acquire(p) \
({ \
union { typeof(*p) __val; char __c[1]; } __u; \
typeof(p) __p = (p); \
compiletime_assert_atomic_type(*p); \
switch (sizeof(*p)) { \
case 1: \
asm volatile("ldb,ma 0(%1),%0" \
Reported by FlawFinder.
arch/parisc/include/asm/cacheflush.h
2 issues
Line: 74
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define copy_to_user_page(vma, page, vaddr, dst, src, len) \
do { \
flush_cache_page(vma, vaddr, page_to_pfn(page)); \
memcpy(dst, src, len); \
flush_kernel_dcache_range_asm((unsigned long)dst, (unsigned long)dst + len); \
} while (0)
#define copy_from_user_page(vma, page, vaddr, dst, src, len) \
do { \
Reported by FlawFinder.
Line: 81
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define copy_from_user_page(vma, page, vaddr, dst, src, len) \
do { \
flush_cache_page(vma, vaddr, page_to_pfn(page)); \
memcpy(dst, src, len); \
} while (0)
void flush_cache_page(struct vm_area_struct *vma, unsigned long vmaddr, unsigned long pfn);
void flush_cache_range(struct vm_area_struct *vma,
unsigned long start, unsigned long end);
Reported by FlawFinder.
arch/parisc/include/asm/jump_label.h
2 issues
Line: 20
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
".word 1b - ., %l[l_yes] - .\n\t"
__stringify(ASM_ULONG_INSN) " %c0 - .\n\t"
".popsection\n\t"
: : "i" (&((char *)key)[branch]) : : l_yes);
return false;
l_yes:
return true;
}
Reported by FlawFinder.
Line: 35
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
".word 1b - ., %l[l_yes] - .\n\t"
__stringify(ASM_ULONG_INSN) " %c0 - .\n\t"
".popsection\n\t"
: : "i" (&((char *)key)[branch]) : : l_yes);
return false;
l_yes:
return true;
}
Reported by FlawFinder.
arch/parisc/include/uapi/asm/pdc.h
2 issues
Line: 373
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_path { /* page 1-69 */
unsigned char flags; /* flags see above! */
unsigned char bc[6]; /* bus converter routing info */
unsigned char mod;
unsigned int layers[6];/* device-specific layer-info */
} __attribute__((aligned(8))) ;
struct pz_device {
Reported by FlawFinder.
Line: 614
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hardware_path {
char flags; /* see bit definitions below */
char bc[6]; /* Bus Converter routing info to a specific */
/* I/O adaptor (< 0 means none, > 63 resvd) */
char mod; /* fixed field of specified module */
};
/*
Reported by FlawFinder.
arch/parisc/kernel/pdt.c
2 issues
Line: 121
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct pdc_pat_mem_phys_mem_location loc;
unsigned long addr;
char dimm_txt[32];
addr = pde & PDT_ADDR_PHYS_MASK;
/* show DIMM slot description on PAT machines */
if (is_pdc_pat()) {
Reported by FlawFinder.
Line: 128
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* show DIMM slot description on PAT machines */
if (is_pdc_pat()) {
pdc_pat_mem_get_dimm_phys_location(&loc, addr);
sprintf(dimm_txt, "DIMM slot %02x, ", loc.dimm_slot);
} else
dimm_txt[0] = 0;
pr_warn("PDT: BAD MEMORY at 0x%08lx, %s%s%s-bit error.\n",
addr, dimm_txt,
Reported by FlawFinder.
arch/parisc/kernel/traps.c
2 issues
Line: 81
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void print_gr(const char *level, struct pt_regs *regs)
{
int i;
char buf[64];
printk("%s\n", level);
printk("%s YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\n", level);
printbinary(buf, regs->gr[0], 32);
printk("%sPSW: %s %s\n", level, buf, print_tainted());
Reported by FlawFinder.
Line: 95
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void print_fr(const char *level, struct pt_regs *regs)
{
int i;
char buf[64];
struct { u32 sw[2]; } s;
/* FR are 64bit everywhere. Need to use asm to get the content
* of fpsr/fper1, and we assume that we won't have a FP Identify
* in our way, otherwise we're screwed.
Reported by FlawFinder.
arch/parisc/kernel/unaligned.c
2 issues
Line: 454
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(current->thread.flags & PARISC_UAC_NOPRINT) &&
__ratelimit(&ratelimit)) {
char buf[256];
sprintf(buf, "%s(%d): unaligned access to 0x" RFMT " at ip=0x" RFMT "\n",
current->comm, task_pid_nr(current), regs->ior, regs->iaoq[0]);
printk(KERN_WARNING "%s", buf);
#ifdef DEBUG_UNALIGNED
show_regs(regs);
#endif
Reported by FlawFinder.
Line: 453
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!(current->thread.flags & PARISC_UAC_NOPRINT) &&
__ratelimit(&ratelimit)) {
char buf[256];
sprintf(buf, "%s(%d): unaligned access to 0x" RFMT " at ip=0x" RFMT "\n",
current->comm, task_pid_nr(current), regs->ior, regs->iaoq[0]);
printk(KERN_WARNING "%s", buf);
#ifdef DEBUG_UNALIGNED
show_regs(regs);
Reported by FlawFinder.
arch/parisc/lib/memcpy.c
2 issues
Line: 49
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
void * memcpy(void * dst,const void *src, size_t count)
{
mtsp(get_kernel_space(), 1);
mtsp(get_kernel_space(), 2);
pa_memcpy(dst, src, count);
return dst;
Reported by FlawFinder.
Line: 58
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
EXPORT_SYMBOL(raw_copy_in_user);
EXPORT_SYMBOL(memcpy);
bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)
{
if ((unsigned long)unsafe_src < PAGE_SIZE)
return false;
Reported by FlawFinder.