The following issues were found
arch/xtensa/include/asm/coprocessor.h
2 issues
Line: 118
Column: 34
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define __REG1_1(name)
#define __REG2_0(n,s,a) __u32 name;
#define __REG2_1(n,s,a) unsigned char n[s] __attribute__ ((aligned(a)));
#define __REG2_2(n,s,a) unsigned char n[s] __attribute__ ((aligned(a)));
typedef struct { XCHAL_NCP_SA_LIST(0) } xtregs_opt_t
__attribute__ ((aligned (XCHAL_NCP_SA_ALIGN)));
typedef struct { XCHAL_NCP_SA_LIST(1) } xtregs_user_t
Reported by FlawFinder.
Line: 119
Column: 34
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define __REG2_0(n,s,a) __u32 name;
#define __REG2_1(n,s,a) unsigned char n[s] __attribute__ ((aligned(a)));
#define __REG2_2(n,s,a) unsigned char n[s] __attribute__ ((aligned(a)));
typedef struct { XCHAL_NCP_SA_LIST(0) } xtregs_opt_t
__attribute__ ((aligned (XCHAL_NCP_SA_ALIGN)));
typedef struct { XCHAL_NCP_SA_LIST(1) } xtregs_user_t
__attribute__ ((aligned (XCHAL_NCP_SA_ALIGN)));
Reported by FlawFinder.
arch/xtensa/include/asm/jump_label.h
2 issues
Line: 21
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
".pushsection __jump_table, \"aw\"\n\t"
".word 1b, %l[l_yes], %c0\n\t"
".popsection\n\t"
: : "i" (&((char *)key)[branch]) : : l_yes);
return false;
l_yes:
return true;
}
Reported by FlawFinder.
Line: 49
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
".pushsection __jump_table, \"aw\"\n\t"
".word 1b, %l[l_yes], %c0\n\t"
".popsection\n\t"
: : "i" (&((char *)key)[branch]) : : l_yes);
return false;
l_yes:
return true;
}
Reported by FlawFinder.
arch/xtensa/mm/cache.c
2 issues
Line: 278
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy data */
memcpy(dst, src, len);
/*
* Flush and invalidate kernel page if aliased and synchronize
* data and instruction caches for executable pages.
*/
Reported by FlawFinder.
Line: 319
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
preempt_enable();
}
memcpy(dst, src, len);
}
#endif
Reported by FlawFinder.
block/bio.c
2 issues
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct kmem_cache *slab;
unsigned int slab_ref;
unsigned int slab_size;
char name[8];
};
static DEFINE_MUTEX(bio_slab_lock);
static DEFINE_XARRAY(bio_slabs);
static struct bio_slab *create_bio_slab(unsigned int size)
Reported by FlawFinder.
Line: 1207
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src_p = kmap_atomic(src_bv.bv_page);
dst_p = kmap_atomic(dst_bv.bv_page);
memcpy(dst_p + dst_bv.bv_offset,
src_p + src_bv.bv_offset,
bytes);
kunmap_atomic(dst_p);
kunmap_atomic(src_p);
Reported by FlawFinder.
block/blk-core.c
2 issues
Line: 650
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void handle_bad_sector(struct bio *bio, sector_t maxsector)
{
char b[BDEVNAME_SIZE];
pr_info_ratelimited("attempt to access beyond end of device\n"
"%s: rw=%d, want=%llu, limit=%llu\n",
bio_devname(bio, b), bio->bi_opf,
bio_end_sector(bio), maxsector);
Reported by FlawFinder.
Line: 696
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline bool bio_check_ro(struct bio *bio)
{
if (op_is_write(bio_op(bio)) && bdev_read_only(bio->bi_bdev)) {
char b[BDEVNAME_SIZE];
if (op_is_flush(bio->bi_opf) && !bio_sectors(bio))
return false;
WARN_ONCE(1,
Reported by FlawFinder.
block/blk-mq-sysfs.c
2 issues
Line: 148
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t blk_mq_hw_sysfs_nr_tags_show(struct blk_mq_hw_ctx *hctx,
char *page)
{
return sprintf(page, "%u\n", hctx->tags->nr_tags);
}
static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
char *page)
{
Reported by FlawFinder.
Line: 154
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
char *page)
{
return sprintf(page, "%u\n", hctx->tags->nr_reserved_tags);
}
static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page)
{
const size_t size = PAGE_SIZE - 1;
Reported by FlawFinder.
block/blk-mq.c
2 issues
Line: 3206
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!new_hctxs)
return;
if (hctxs)
memcpy(new_hctxs, hctxs, q->nr_hw_queues *
sizeof(*hctxs));
q->queue_hw_ctx = new_hctxs;
kfree(hctxs);
hctxs = new_hctxs;
}
Reported by FlawFinder.
Line: 3450
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
if (set->tags)
memcpy(new_tags, set->tags, cur_nr_hw_queues *
sizeof(*set->tags));
kfree(set->tags);
set->tags = new_tags;
set->nr_hw_queues = new_nr_hw_queues;
Reported by FlawFinder.
block/bounce.c
2 issues
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char *vto;
vto = kmap_atomic(to->bv_page);
memcpy(vto + to->bv_offset, vfrom, to->bv_len);
kunmap_atomic(vto);
}
/*
* Simple bounce buffer support for highmem pages. Depending on the
Reported by FlawFinder.
Line: 273
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vto = page_address(to->bv_page) + to->bv_offset;
vfrom = kmap_atomic(page) + to->bv_offset;
memcpy(vto, vfrom, to->bv_len);
kunmap_atomic(vfrom);
}
}
trace_block_bio_bounce(*bio_orig);
Reported by FlawFinder.
block/partitions/check.h
2 issues
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct parsed_partitions {
struct block_device *bdev;
char name[BDEVNAME_SIZE];
struct {
sector_t from;
sector_t size;
int flags;
bool has_info;
Reported by FlawFinder.
Line: 41
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
put_partition(struct parsed_partitions *p, int n, sector_t from, sector_t size)
{
if (n < p->limit) {
char tmp[1 + BDEVNAME_SIZE + 10 + 1];
p->parts[n].from = from;
p->parts[n].size = size;
snprintf(tmp, sizeof(tmp), " %s%d", p->name, n);
strlcat(p->pp_buf, tmp, PAGE_SIZE);
Reported by FlawFinder.
certs/blacklist.c
2 issues
Line: 126
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buffer = kmalloc(type_len + 1 + hash_len * 2 + 1, GFP_KERNEL);
if (!buffer)
return -ENOMEM;
p = memcpy(buffer, type, type_len);
p += type_len;
*p++ = ':';
bin2hex(p, hash, hash_len);
p += hash_len * 2;
*p = 0;
Reported by FlawFinder.
Line: 119
Column: 20
CWE codes:
126
int is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type)
{
key_ref_t kref;
size_t type_len = strlen(type);
char *buffer, *p;
int ret = 0;
buffer = kmalloc(type_len + 1 + hash_len * 2 + 1, GFP_KERNEL);
if (!buffer)
Reported by FlawFinder.