Codekhana

arch/parisc/math-emu/driver.c

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 82 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	 */
	__u64 frcopy[36];

	memcpy(frcopy, regs->fr, sizeof regs->fr);
	frcopy[32] = 0;

	memcpy(&orig_sw, frcopy, sizeof(orig_sw));

	if (FPUDEBUG) {

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 104 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		printk(KERN_DEBUG "\n");
	}

	memcpy(regs->fr, frcopy, sizeof regs->fr);
	if (signalcode != 0) {
	    force_sig_fault(signalcode >> 24, signalcode & 0xffffff,
			    (void __user *) regs->iaoq[0]);
	    return -1;
	}

Reported by FlawFinder.

arch/parisc/math-emu/fcnvxf.c

2 issues

Signed integer overflow for expression 'src<<33-8'.

Error

Line: 88 CWE codes: 190

              	Sgl_set_exponent(result, 30+SGL_BIAS - dst_exponent);

	/* check for inexact */
	if (Int_isinexact_to_sgl(src)) {
		switch (Rounding_mode()) {
			case ROUNDPLUS: 
				if (Sgl_iszero_sign(result)) 
					Sgl_increment(result);
				break;

Reported by Cppcheck.

Signed integer overflow for expression 'src<<(33-11)'.

Error

Line: 156 CWE codes: 190

              	if (dst_exponent >= 0) src <<= dst_exponent;
	else src = 1 << 30;
	Dbl_set_mantissap1(resultp1, src >> DBL_EXP_LENGTH - 1);
	Dbl_set_mantissap2(resultp2, src << (33-DBL_EXP_LENGTH));
	Dbl_set_exponent(resultp1, (30+DBL_BIAS) - dst_exponent);
	Dbl_copytoptr(resultp1,resultp2,dstptr);
	return(NOEXCEPTION);
}

Reported by Cppcheck.

arch/powerpc/boot/devtree.c

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 154 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	int pad = MAX_ADDR_CELLS - naddr;

	memset(dest, 0, pad * 4);
	memcpy(dest + pad, src, naddr * 4);
}

static int sub_reg(u32 *reg, u32 *sub)
{
	int i, borrow = 0;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 333 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (buflen > sizeof(prop_buf))
		return 0;

	memcpy(prop_buf, buf, buflen);
	return dt_xlate(node, 0, buflen / 4, xlated_addr, NULL);
}

int dt_is_compatible(void *node, const char *compat)
{

Reported by FlawFinder.

arch/powerpc/boot/elf.h

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 56 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #define EI_NIDENT	16

typedef struct elf32_hdr {
	unsigned char e_ident[EI_NIDENT];
	Elf32_Half e_type;
	Elf32_Half e_machine;
	Elf32_Word e_version;
	Elf32_Addr e_entry;	/* Entry point */
	Elf32_Off e_phoff;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 73 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              } Elf32_Ehdr;

typedef struct elf64_hdr {
	unsigned char e_ident[16];	/* ELF "magic number" */
	Elf64_Half e_type;
	Elf64_Half e_machine;
	Elf64_Word e_version;
	Elf64_Addr e_entry;	/* Entry point virtual address */
	Elf64_Off e_phoff;	/* Program header table file offset */

Reported by FlawFinder.

arch/powerpc/boot/libfdt-wrapper.c

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 76 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	p = fdt_getprop(fdt, devp_offset(devp), name, &len);
	if (!p)
		return check_err(len);
	memcpy(buf, p, min(len, buflen));
	return len;
}

static int fdt_wrapper_setprop(const void *devp, const char *name,
			       const void *buf, const int len)

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)

Security

Line: 110 Column: 14 CWE codes: 126

              
	offset = fdt_add_subnode(fdt, devp_offset(devp), name);
	if (offset == -FDT_ERR_NOSPACE) {
		expand_buf(strlen(name) + 16);
		offset = fdt_add_subnode(fdt, devp_offset(devp), name);
	}

	return offset_devp(offset);
}

Reported by FlawFinder.

arch/powerpc/boot/redboot.h

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 34 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  unsigned int   bi_pci_freq;   /* PCI Freq, in Hz */
    unsigned int   bi_baudrate;   /* Default console baud rate */
    unsigned int   bi_immr;       /* IMMR when called from boot rom */
    unsigned char  bi_enetaddr[6];
    unsigned int   bi_flashbase;  /* Physical address of FLASH memory */
    unsigned int   bi_flashsize;  /* Length of FLASH memory */
    int            bi_flashwidth; /* Width (8,16,32,64) */
    unsigned char *bi_cmdline;    /* Pointer to command line */
    unsigned char  bi_esa[3][6];  /* Ethernet station addresses */

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 39 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  unsigned int   bi_flashsize;  /* Length of FLASH memory */
    int            bi_flashwidth; /* Width (8,16,32,64) */
    unsigned char *bi_cmdline;    /* Pointer to command line */
    unsigned char  bi_esa[3][6];  /* Ethernet station addresses */
    unsigned int   bi_ramdisk_begin, bi_ramdisk_end;
    struct {                      /* Information about [main] video screen */
        short x_res;              /*   Horizontal resolution in pixels */
        short y_res;              /*   Vertical resolution in pixels */
        short bpp;                /*   Bits/pixel */

Reported by FlawFinder.

arch/powerpc/include/asm/epapr_hcalls.h

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 283 Column: 29 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               * Returns 0 for success, or an error code.
 */
static inline unsigned int ev_byte_channel_send(unsigned int handle,
	unsigned int *count, const char buffer[EV_BYTE_CHANNEL_MAX_BYTES])
{
	register uintptr_t r11 __asm__("r11");
	register uintptr_t r3 __asm__("r3");
	register uintptr_t r4 __asm__("r4");
	register uintptr_t r5 __asm__("r5");

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 326 Column: 23 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               * Returns 0 for success, or an error code.
 */
static inline unsigned int ev_byte_channel_receive(unsigned int handle,
	unsigned int *count, char buffer[EV_BYTE_CHANNEL_MAX_BYTES])
{
	register uintptr_t r11 __asm__("r11");
	register uintptr_t r3 __asm__("r3");
	register uintptr_t r4 __asm__("r4");
	register uintptr_t r5 __asm__("r5");

Reported by FlawFinder.

arch/powerpc/include/asm/jump_label.h

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 26 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		 ".long 1b - ., %l[l_yes] - .\n\t"
		 JUMP_ENTRY_TYPE "%c0 - .\n\t"
		 ".popsection \n\t"
		 : :  "i" (&((char *)key)[branch]) : : l_yes);

	return false;
l_yes:
	return true;
}

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 41 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		 ".long 1b - ., %l[l_yes] - .\n\t"
		 JUMP_ENTRY_TYPE "%c0 - .\n\t"
		 ".popsection \n\t"
		 : :  "i" (&((char *)key)[branch]) : : l_yes);

	return false;
l_yes:
	return true;
}

Reported by FlawFinder.

arch/powerpc/include/asm/paca.h

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 153 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
#ifdef CONFIG_PPC_BOOK3S
#ifdef CONFIG_PPC_MM_SLICES
	unsigned char mm_ctx_low_slices_psize[BITS_PER_LONG / BITS_PER_BYTE];
	unsigned char mm_ctx_high_slices_psize[SLICE_ARRAY_SIZE];
#else
	u16 mm_ctx_user_psize;
	u16 mm_ctx_sllp;
#endif

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 154 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #ifdef CONFIG_PPC_BOOK3S
#ifdef CONFIG_PPC_MM_SLICES
	unsigned char mm_ctx_low_slices_psize[BITS_PER_LONG / BITS_PER_BYTE];
	unsigned char mm_ctx_high_slices_psize[SLICE_ARRAY_SIZE];
#else
	u16 mm_ctx_user_psize;
	u16 mm_ctx_sllp;
#endif
#endif

Reported by FlawFinder.

arch/powerpc/include/asm/plpar_wrappers.h

2 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 183 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	rc = plpar_hcall9(H_READ, retbuf, flags | H_READ_4, ptex);

	memcpy(ptes, retbuf, 8*sizeof(unsigned long));

	return rc;
}

/*

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 201 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	rc = plpar_hcall9_raw(H_READ, retbuf, flags | H_READ_4, ptex);

	memcpy(ptes, retbuf, 8*sizeof(unsigned long));

	return rc;
}

static inline long plpar_pte_protect(unsigned long flags, unsigned long ptex,

Reported by FlawFinder.

Modal title

The following issues were found

arch/parisc/math-emu/driver.c

2 issues

arch/parisc/math-emu/fcnvxf.c

2 issues

arch/powerpc/boot/devtree.c

2 issues

arch/powerpc/boot/elf.h

2 issues

arch/powerpc/boot/libfdt-wrapper.c

2 issues

arch/powerpc/boot/redboot.h

2 issues

arch/powerpc/include/asm/epapr_hcalls.h

2 issues

arch/powerpc/include/asm/jump_label.h

2 issues

arch/powerpc/include/asm/paca.h

2 issues

arch/powerpc/include/asm/plpar_wrappers.h

2 issues