The following issues were found
arch/powerpc/include/asm/rtas-types.h
2 issues
Line: 47
Column: 11
CWE codes:
119
120
Suggestion:
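Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt below, `buffer[1]` marks the start of a variable-length extended log, so the declared size of 1 is not the real bound: code that reads beyond the first byte has to check its offsets against `extended_log_length`, converted from big-endian (`be32_to_cpu()`) before the comparison.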
*/
u8 byte3; /* General event or error*/
__be32 extended_log_length; /* length in bytes */
unsigned char buffer[1]; /* Start of extended log */
/* Variable length. */
};
/* RTAS general extended event log, Version 6. The extended log starts
* from "buffer" field of struct rtas_error_log defined above.
Reported by FlawFinder.
Line: 112
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 drc_index;
__be32 drc_count;
struct { __be32 count, index; } ic;
char drc_name[1];
} _drc_u;
};
#endif /* _ASM_POWERPC_RTAS_TYPES_H */
Reported by FlawFinder.
arch/powerpc/kernel/btext.c
2 issues
Line: 46
Column: 17
CWE codes:
119
120
Suggestion:
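Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This finding is on the declaration itself: `vga_font` has a fixed size of `cmapsz` (16*256 = 4096 bytes), so what needs review is the code that indexes it, which is not part of this excerpt.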
#define cmapsz (16*256)
static unsigned char vga_font[cmapsz];
int boot_text_mapped __force_data = 0;
int force_printk_to_btext = 0;
extern void rmci_on(void);
Reported by FlawFinder.
Line: 586
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
udbg_putc = btext_drawchar;
}
static unsigned char vga_font[cmapsz] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7e, 0x81, 0xa5, 0x81, 0x81, 0xbd,
0x99, 0x81, 0x81, 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7e, 0xff,
0xdb, 0xff, 0xff, 0xc3, 0xe7, 0xff, 0xff, 0x7e, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x6c, 0xfe, 0xfe, 0xfe, 0xfe, 0x7c, 0x38, 0x10,
Reported by FlawFinder.
arch/powerpc/kernel/cputable.c
2 issues
Line: 1988
Column: 2
CWE codes:
120
Suggestion:
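Make sure destination can always hold the source data. Here the length is `sizeof(*t)`, the destination's own size, and the comment says the call stands in for the struct assignment `*t = *s`; the copy therefore cannot exceed the destination, and it stays inside the source as long as `s` points to an object of the same type.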
* use memcpy() instead of *t = *s so that GCC replaces it
* by __memcpy() when KASAN is active
*/
memcpy(t, s, sizeof(*t));
*PTRRELOC(&cur_cpu_spec) = &the_cpu_spec;
}
static struct cpu_spec * __init setup_cpu_spec(unsigned long offset,
Reported by FlawFinder.
Line: 2006
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Copy everything, then do fixups. Use memcpy() instead of *t = *s
* so that GCC replaces it by __memcpy() when KASAN is active
*/
memcpy(t, s, sizeof(*t));
/*
* If we are overriding a previous value derived from the real
* PVR with a new value obtained using a logical PVR value,
* don't modify the performance monitor fields.
Reported by FlawFinder.
arch/powerpc/kernel/dt_cpu_ftrs.c
2 issues
Line: 92
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
init_pmu_registers();
}
static char dt_cpu_name[64];
static struct cpu_spec __initdata base_cpu_spec = {
.cpu_name = NULL,
.cpu_features = CPU_FTRS_DT_CPU_BASE,
.cpu_user_features = COMMON_USER_BASE,
Reported by FlawFinder.
Line: 1091
Column: 14
CWE codes:
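126 (buffer over-read). `strlen` here, and the `strlcpy` on the next line, both scan `prop` until they reach a NUL byte. The call to `of_get_flat_dt_prop` passes NULL for the length out-parameter, so the property's actual size is not available to bound that scan in this excerpt. The write into `dt_cpu_name` is limited by `sizeof(dt_cpu_name)`; the read from `prop` is limited only if the `display-name` value is NUL-terminated.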
}
prop = of_get_flat_dt_prop(node, "display-name", NULL);
if (prop && strlen((char *)prop) != 0) {
strlcpy(dt_cpu_name, (char *)prop, sizeof(dt_cpu_name));
cur_cpu_spec->cpu_name = dt_cpu_name;
}
cpufeatures_setup_finished();
Reported by FlawFinder.
arch/powerpc/kernel/kprobes.c
2 issues
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*
* Also handle <module:symbol> format.
*/
char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
bool dot_appended = false;
const char *c;
ssize_t ret = 0;
int len = 0;
Reported by FlawFinder.
Line: 86
Column: 3
CWE codes:
120
Suggestion:
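Make sure destination can always hold the source data. In this excerpt `len` is `c - name` after `strnchr(name, MODULE_NAME_LEN, ':')` and one increment of `c`, so it is at most `MODULE_NAME_LEN`, which is smaller than the `dot_name` size (`MODULE_NAME_LEN + 1 + KSYM_NAME_LEN`) shown in the previous finding. The writes that follow the `memcpy` are not fully shown and need the same check.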
if ((c = strnchr(name, MODULE_NAME_LEN, ':')) != NULL) {
c++;
len = c - name;
memcpy(dot_name, name, len);
} else
c = name;
if (*c != '\0' && *c != '.') {
dot_name[len++] = '.';
Reported by FlawFinder.
arch/powerpc/kernel/legacy_serial.c
2 issues
Line: 671
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
DBG("Found serial console at ttyS%d\n", offset);
if (speed) {
static char __initdata opt[16];
sprintf(opt, "%d", speed);
return add_preferred_console("ttyS", offset, opt);
} else
return add_preferred_console("ttyS", offset, NULL);
Reported by FlawFinder.
Line: 672
Column: 3
CWE codes:
120
Suggestion:
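Use sprintf_s, snprintf, or vsnprintf. `sprintf_s` is not available in kernel code; the bounded form here is `snprintf(opt, sizeof(opt), "%d", speed)`. If `speed` is a 32-bit int (its declaration is not shown), `%d` produces at most 12 bytes including the terminator, so the 16-byte `opt` is large enough as written; the bounded call keeps that true if the type or the format string later changes.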
if (speed) {
static char __initdata opt[16];
sprintf(opt, "%d", speed);
return add_preferred_console("ttyS", offset, opt);
} else
return add_preferred_console("ttyS", offset, NULL);
not_found:
Reported by FlawFinder.
arch/powerpc/kernel/paca.c
2 issues
Line: 351
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef CONFIG_PPC_MM_SLICES
VM_BUG_ON(!mm_ctx_slb_addr_limit(context));
memcpy(&get_paca()->mm_ctx_low_slices_psize, mm_ctx_low_slices(context),
LOW_SLICE_ARRAY_SZ);
memcpy(&get_paca()->mm_ctx_high_slices_psize, mm_ctx_high_slices(context),
TASK_SLICE_ARRAY_SZ(context));
#else /* CONFIG_PPC_MM_SLICES */
get_paca()->mm_ctx_user_psize = context->user_psize;
Reported by FlawFinder.
Line: 353
Column: 2
CWE codes:
120
Suggestion:
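Make sure destination can always hold the source data. The length of this second copy, `TASK_SLICE_ARRAY_SZ(context)`, depends on `context` rather than on the destination, so `mm_ctx_high_slices_psize` must be sized for the largest value that macro can yield; neither the field declaration nor the macro is shown in this excerpt.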
VM_BUG_ON(!mm_ctx_slb_addr_limit(context));
memcpy(&get_paca()->mm_ctx_low_slices_psize, mm_ctx_low_slices(context),
LOW_SLICE_ARRAY_SZ);
memcpy(&get_paca()->mm_ctx_high_slices_psize, mm_ctx_high_slices(context),
TASK_SLICE_ARRAY_SZ(context));
#else /* CONFIG_PPC_MM_SLICES */
get_paca()->mm_ctx_user_psize = context->user_psize;
get_paca()->mm_ctx_sllp = context->sllp;
#endif
Reported by FlawFinder.
arch/powerpc/kernel/ptrace/ptrace-fpu.c
2 issues
Line: 21
Column: 3
CWE codes:
120
Suggestion:
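Make sure destination can always hold the source data. The length is the constant `sizeof(long)`, so the bound that matters is the source index: `fpidx` is compared only against an upper limit in this excerpt, which is sufficient only if `fpidx` is unsigned or has already been range-checked (its declaration is not shown).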
#ifdef CONFIG_PPC_FPU_REGS
flush_fp_to_thread(child);
if (fpidx < (PT_FPSCR - PT_FPR0))
memcpy(data, &child->thread.TS_FPR(fpidx), sizeof(long));
else
*data = child->thread.fp_state.fpscr;
#else
*data = 0;
#endif
Reported by FlawFinder.
Line: 43
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef CONFIG_PPC_FPU_REGS
flush_fp_to_thread(child);
if (fpidx < (PT_FPSCR - PT_FPR0))
memcpy(&child->thread.TS_FPR(fpidx), &data, sizeof(long));
else
child->thread.fp_state.fpscr = data;
#endif
return 0;
Reported by FlawFinder.
arch/powerpc/kernel/setup-common.c
2 issues
Line: 613
CWE codes:
570
}
for (machine_id = &__machine_desc_start;
machine_id < &__machine_desc_end;
machine_id++) {
DBG(" %s ...", machine_id->name);
memcpy(&ppc_md, machine_id, sizeof(struct machdep_calls));
if (ppc_md.probe()) {
DBG(" match !\n");
Reported by Cppcheck.
Line: 616
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
machine_id < &__machine_desc_end;
machine_id++) {
DBG(" %s ...", machine_id->name);
memcpy(&ppc_md, machine_id, sizeof(struct machdep_calls));
if (ppc_md.probe()) {
DBG(" match !\n");
break;
}
DBG("\n");
Reported by FlawFinder.
arch/powerpc/kernel/udbg.c
2 issues
Line: 128
Column: 3
CWE codes:
134
Suggestion:
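Use a constant for the format specification. `udbg_printf` is itself a printf-style wrapper, so `fmt` is necessarily a parameter at this call. The property to verify is that every caller passes a literal format string, which the compiler can check when the function's declaration carries a printf format attribute (the declaration is not shown on this page).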
va_list args;
va_start(args, fmt);
vsnprintf(buf, UDBG_BUFSIZE, fmt, args);
udbg_puts(buf);
va_end(args);
}
}
Reported by FlawFinder.
Line: 124
Column: 3
CWE codes:
119
120
Suggestion:
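Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt below, the same `UDBG_BUFSIZE` that sizes `buf` is passed to `vsnprintf`, which truncates and NUL-terminates, so the write stays inside the buffer; output longer than `UDBG_BUFSIZE - 1` characters is cut short rather than overflowing.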
void udbg_printf(const char *fmt, ...)
{
if (udbg_putc) {
char buf[UDBG_BUFSIZE];
va_list args;
va_start(args, fmt);
vsnprintf(buf, UDBG_BUFSIZE, fmt, args);
udbg_puts(buf);
Reported by FlawFinder.