The following issues were found
arch/um/drivers/ubd_kern.c
2 issues
Line: 831
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!ubd_dev)
return 0;
return sprintf(buf, "%s", ubd_dev->serial);
}
static DEVICE_ATTR_RO(serial);
static struct attribute *ubd_attrs[] = {
Reported by FlawFinder.
Line: 865
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
disk->minors = 1 << UBD_SHIFT;
disk->fops = &ubd_blops;
set_capacity(disk, size / 512);
sprintf(disk->disk_name, "ubd%c", 'a' + unit);
ubd_devs[unit].pdev.id = unit;
ubd_devs[unit].pdev.name = DRIVER_NAME;
ubd_devs[unit].pdev.dev.release = ubd_device_release;
dev_set_drvdata(&ubd_devs[unit].pdev.dev, &ubd_devs[unit]);
Reported by FlawFinder.
arch/um/include/shared/os.h
2 issues
Line: 260
Column: 26
CWE codes:
134
Suggestion:
Use a constant for the format specification
extern void um_early_printk(const char *s, unsigned int n);
extern void os_fix_helper_signals(void);
extern void os_info(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
extern void os_warn(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
/* time.c */
extern void os_idle_sleep(void);
Reported by FlawFinder.
Line: 262
Column: 26
CWE codes:
134
Suggestion:
Use a constant for the format specification
extern void os_info(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
extern void os_warn(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
/* time.c */
extern void os_idle_sleep(void);
extern int os_timer_create(void);
extern int os_timer_set_interval(unsigned long long nsecs);
Reported by FlawFinder.
arch/um/include/shared/user.h
2 issues
Line: 27
Column: 26
CWE codes:
134
Suggestion:
Use a constant for the format specification
#endif
extern void panic(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
/* Requires preincluding include/linux/kern_levels.h */
#define UM_KERN_EMERG KERN_EMERG
#define UM_KERN_ALERT KERN_ALERT
#define UM_KERN_CRIT KERN_CRIT
Reported by FlawFinder.
Line: 42
Column: 26
CWE codes:
134
Suggestion:
Use a constant for the format specification
#ifdef UML_CONFIG_PRINTK
extern int printk(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
#else
static inline int printk(const char *fmt, ...)
{
return 0;
}
Reported by FlawFinder.
arch/um/kernel/mem.c
2 issues
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
panic("%s: Failed to allocate %lu bytes align=%lx\n",
__func__, size, PAGE_SIZE);
memcpy((void *) v , (void *) FIXADDR_USER_START, size);
p = __pa(v);
for ( ; size > 0; size -= PAGE_SIZE, vaddr += PAGE_SIZE,
p += PAGE_SIZE) {
pte = virt_to_kpte(vaddr);
pte_set_val(*pte, p, PAGE_READONLY);
Reported by FlawFinder.
Line: 190
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pgd) {
memset(pgd, 0, USER_PTRS_PER_PGD * sizeof(pgd_t));
memcpy(pgd + USER_PTRS_PER_PGD,
swapper_pg_dir + USER_PTRS_PER_PGD,
(PTRS_PER_PGD - USER_PTRS_PER_PGD) * sizeof(pgd_t));
}
return pgd;
}
Reported by FlawFinder.
arch/um/kernel/time.c
2 issues
Line: 512
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rc;
if ((sep = strchr(socket, ':'))) {
char buf[25] = {};
if (sep - socket > sizeof(buf) - 1)
goto invalid_number;
memcpy(buf, socket, sep - socket);
if (kstrtoull(buf, 0, &id)) {
Reported by FlawFinder.
Line: 516
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sep - socket > sizeof(buf) - 1)
goto invalid_number;
memcpy(buf, socket, sep - socket);
if (kstrtoull(buf, 0, &id)) {
invalid_number:
panic("time-travel: invalid external ID in string '%s'\n",
socket);
return -EINVAL;
Reported by FlawFinder.
arch/um/os-Linux/registers.c
2 issues
Line: 54
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void get_safe_registers(unsigned long *regs, unsigned long *fp_regs)
{
memcpy(regs, exec_regs, sizeof(exec_regs));
if (fp_regs)
memcpy(fp_regs, exec_fp_regs, sizeof(exec_fp_regs));
}
Reported by FlawFinder.
Line: 57
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(regs, exec_regs, sizeof(exec_regs));
if (fp_regs)
memcpy(fp_regs, exec_fp_regs, sizeof(exec_fp_regs));
}
Reported by FlawFinder.
arch/x86/boot/compressed/misc.c
2 issues
Line: 160
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __puthex(unsigned long value)
{
char alpha[2] = "0";
int bits;
for (bits = sizeof(value) * 8 - 4; bits >= 0; bits -= 4) {
unsigned long digit = (value >> bits) & 0xf;
Reported by FlawFinder.
Line: 298
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!phdrs)
error("Failed to allocate space for phdrs");
memcpy(phdrs, output + ehdr.e_phoff, sizeof(*phdrs) * ehdr.e_phnum);
for (i = 0; i < ehdr.e_phnum; i++) {
phdr = &phdrs[i];
switch (phdr->p_type) {
Reported by FlawFinder.
arch/x86/boot/compressed/string.c
2 issues
Line: 68
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Detect and warn about potential overlaps, but handle them with memmove. */
void *memcpy(void *dest, const void *src, size_t n)
{
if (dest > src && dest - src < n) {
warn("Avoiding potentially unsafe overlapping memcpy()!");
return memmove(dest, src, n);
}
Reported by FlawFinder.
Line: 80
Column: 70
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef CONFIG_KASAN
extern void *__memset(void *s, int c, size_t n) __alias(memset);
extern void *__memmove(void *dest, const void *src, size_t n) __alias(memmove);
extern void *__memcpy(void *dest, const void *src, size_t n) __alias(memcpy);
#endif
Reported by FlawFinder.
arch/x86/boot/cpu.c
2 issues
Line: 23
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *cpu_name(int level)
{
static char buf[6];
if (level == 64) {
return "x86-64";
} else {
if (level == 15)
Reported by FlawFinder.
Line: 30
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else {
if (level == 15)
level = 6;
sprintf(buf, "i%d86", level);
return buf;
}
}
static void show_cap_strs(u32 *err_flags)
Reported by FlawFinder.
arch/x86/boot/early_serial_console.c
2 issues
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void parse_earlyprintk(void)
{
int baud = DEFAULT_BAUD;
char arg[32];
int pos = 0;
int port = 0;
if (cmdline_find_option("earlyprintk", arg, sizeof(arg)) > 0) {
char *e;
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void parse_console_uart8250(void)
{
char optstr[64], *options;
int baud = DEFAULT_BAUD;
int port = 0;
/*
* console=uart8250,io,0x3f8,115200n8
Reported by FlawFinder.