The following issues were found
arch/sparc/kernel/time_64.c
2 issues
Line: 170
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
bool is_cpu_node = false;
unsigned long freq = 0;
char type[128];
if (!node)
return freq;
if (prom_getproperty(node, "device_type", type, sizeof(type)) != -1)
Reported by FlawFinder.
Line: 763
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sevt = this_cpu_ptr(&sparc64_events);
memcpy(sevt, &sparc64_clockevent, sizeof(*sevt));
sevt->cpumask = cpumask_of(smp_processor_id());
clockevents_register_device(sevt);
}
Reported by FlawFinder.
arch/sparc/net/bpf_jit_comp_32.c
2 issues
Line: 368
/* Make sure we dont leek kernel memory. */
if (seen_or_pass0 & SEEN_XREG)
emit_clear(r_X);
/* If this filter needs to access skb data,
* load %o4 and %o5 with:
* %o4 = skb->len - skb->data_len
* %o5 = skb->data
Reported by Cppcheck.
Line: 719
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
module_memfree(image);
return;
}
memcpy(image + proglen, temp, ilen);
}
proglen += ilen;
addrs[i] = proglen;
prog = temp;
}
Reported by FlawFinder.
arch/sparc/prom/printf.c
2 issues
Line: 26
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define CONSOLE_WRITE_BUF_SIZE 1024
static char ppbuf[1024];
static char console_write_buf[CONSOLE_WRITE_BUF_SIZE];
static DEFINE_RAW_SPINLOCK(console_write_lock);
void notrace prom_write(const char *buf, unsigned int n)
{
Reported by FlawFinder.
Line: 27
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define CONSOLE_WRITE_BUF_SIZE 1024
static char ppbuf[1024];
static char console_write_buf[CONSOLE_WRITE_BUF_SIZE];
static DEFINE_RAW_SPINLOCK(console_write_lock);
void notrace prom_write(const char *buf, unsigned int n)
{
unsigned int dest_len;
Reported by FlawFinder.
arch/sparc/prom/tree_32.c
2 issues
Line: 21
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern void restore_current(void);
static char promlib_buf[128];
/* Internal version of prom_getchild that does not alter return values. */
static phandle __prom_getchild(phandle node)
{
unsigned long flags;
Reported by FlawFinder.
Line: 232
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
phandle prom_finddevice(char *name)
{
char nbuf[128];
char *s = name, *d;
phandle node = prom_root_node, node2;
unsigned int which_io, phys_addr;
struct linux_prom_registers reg[PROMREG_MAX];
Reported by FlawFinder.
arch/um/drivers/chan_user.h
2 issues
Line: 20
Column: 8
CWE codes:
362
struct chan_ops {
char *type;
void *(*init)(char *, int, const struct chan_opts *);
int (*open)(int, int, int, void *, char **);
void (*close)(int, void *);
int (*read)(int, char *, void *);
int (*write)(int, const char *, int, void *);
int (*console_write)(int, const char *, int);
int (*window_size)(int, void *, unsigned short *, unsigned short *);
Reported by FlawFinder.
Line: 22
Column: 8
CWE codes:
120
20
void *(*init)(char *, int, const struct chan_opts *);
int (*open)(int, int, int, void *, char **);
void (*close)(int, void *);
int (*read)(int, char *, void *);
int (*write)(int, const char *, int, void *);
int (*console_write)(int, const char *, int);
int (*window_size)(int, void *, unsigned short *, unsigned short *);
void (*free)(void *);
int winch;
Reported by FlawFinder.
arch/um/drivers/fd.c
2 issues
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int fd;
int raw;
struct termios tt;
char str[sizeof("1234567890\0")];
};
static void *fd_init(char *str, int device, const struct chan_opts *opts)
{
struct fd_chan *data;
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (err)
return err;
}
sprintf(data->str, "%d", data->fd);
*dev_out = data->str;
return data->fd;
}
static void fd_close(int fd, void *d)
Reported by FlawFinder.
arch/um/drivers/pcap_user.c
2 issues
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct pcap_data *pri = data;
pcap_t *p;
char errors[PCAP_ERRBUF_SIZE];
p = pcap_open_live(pri->host_if, ETH_MAX_PACKET + ETH_HEADER_OTHER,
pri->promisc, 0, errors);
if (p == NULL) {
printk(UM_KERN_ERR "pcap_user_init : pcap_open_live failed - "
Reported by FlawFinder.
Line: 106
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct pcap_handler_data *hdata = (struct pcap_handler_data *) data;
len = hdata->len < header->caplen ? hdata->len : header->caplen;
memcpy(hdata->buffer, packet, len);
hdata->len = len;
}
int pcap_user_read(int fd, void *buffer, int len, struct pcap_data *pri)
{
Reported by FlawFinder.
arch/um/drivers/port_user.c
2 issues
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int raw;
struct termios tt;
void *kernel_data;
char dev[sizeof("32768\0")];
};
static void *port_init(char *str, int device, const struct chan_opts *opts)
{
struct port_chan *data;
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*data = ((struct port_chan) { .raw = opts->raw,
.kernel_data = kern_data });
sprintf(data->dev, "%d", port);
return data;
err:
port_kern_free(kern_data);
return NULL;
Reported by FlawFinder.
arch/um/drivers/slip_common.c
2 issues
Line: 16
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = slip_unesc(slip->ibuf[i++], slip->ibuf,
&slip->pos, &slip->esc);
if(size){
memcpy(buf, slip->ibuf, size);
memmove(slip->ibuf, &slip->ibuf[i],
slip->more - i);
slip->more = slip->more - i;
return size;
}
Reported by FlawFinder.
Line: 36
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = slip_unesc(slip->ibuf[start + i], slip->ibuf,&slip->pos,
&slip->esc);
if(size){
memcpy(buf, slip->ibuf, size);
memmove(slip->ibuf, &slip->ibuf[start+i+1],
n - (i + 1));
slip->more = n - (i + 1);
return size;
}
Reported by FlawFinder.
arch/um/drivers/slip_common.h
2 issues
Line: 85
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct slip_proto {
unsigned char ibuf[ENC_BUF_SIZE];
unsigned char obuf[ENC_BUF_SIZE];
int more; /* more data: do not read fd until ibuf has been drained */
int pos;
int esc;
};
Reported by FlawFinder.
Line: 86
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct slip_proto {
unsigned char ibuf[ENC_BUF_SIZE];
unsigned char obuf[ENC_BUF_SIZE];
int more; /* more data: do not read fd until ibuf has been drained */
int pos;
int esc;
};
Reported by FlawFinder.