The following issues were found
include/net/regulatory.h
2 issues
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int wiphy_idx;
enum nl80211_reg_initiator initiator;
enum nl80211_user_reg_hint_type user_reg_hint_type;
char alpha2[3];
enum nl80211_dfs_regions dfs_region;
bool intersect;
bool processed;
enum environment_cap country_ie_env;
struct list_head list;
Reported by FlawFinder.
Line: 229
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ieee80211_regdomain {
struct rcu_head rcu_head;
u32 n_reg_rules;
char alpha2[3];
enum nl80211_dfs_regions dfs_region;
struct ieee80211_reg_rule reg_rules[];
};
#define REG_RULE_EXT(start, end, bw, gain, eirp, dfs_cac, reg_flags) \
Reported by FlawFinder.
lib/kstrtox.c
2 issues
Line: 382
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int kstrtobool_from_user(const char __user *s, size_t count, bool *res)
{
/* Longest string needed to differentiate, newline, terminator */
char buf[4];
count = min(count, sizeof(buf) - 1);
if (copy_from_user(buf, s, count))
return -EFAULT;
buf[count] = '\0';
Reported by FlawFinder.
Line: 396
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int f(const char __user *s, size_t count, unsigned int base, type *res) \
{ \
/* sign, base 2 representation, newline, terminator */ \
char buf[1 + sizeof(type) * 8 + 1 + 1]; \
\
count = min(count, sizeof(buf) - 1); \
if (copy_from_user(buf, s, count)) \
return -EFAULT; \
buf[count] = '\0'; \
Reported by FlawFinder.
include/trace/events/task.h
2 issues
Line: 24
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TP_fast_assign(
__entry->pid = task->pid;
memcpy(__entry->comm, task->comm, TASK_COMM_LEN);
__entry->clone_flags = clone_flags;
__entry->oom_score_adj = task->signal->oom_score_adj;
),
TP_printk("pid=%d comm=%s clone_flags=%lx oom_score_adj=%hd",
Reported by FlawFinder.
Line: 49
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TP_fast_assign(
__entry->pid = task->pid;
memcpy(entry->oldcomm, task->comm, TASK_COMM_LEN);
strlcpy(entry->newcomm, comm, TASK_COMM_LEN);
__entry->oom_score_adj = task->signal->oom_score_adj;
),
TP_printk("pid=%d oldcomm=%s newcomm=%s oom_score_adj=%hd",
Reported by FlawFinder.
lib/kunit/assert.c
2 issues
Line: 100
Column: 6
CWE codes:
126
bool ret;
len = snprintf(NULL, 0, "%lld", value);
if (strlen(text) != len)
return false;
buffer = kunit_kmalloc(test, len+1, gfp);
if (!buffer)
return false;
Reported by FlawFinder.
Line: 173
Column: 8
CWE codes:
126
{
int len;
len = strlen(text);
if (len < 2)
return false;
if (text[0] != '\"' || text[len - 1] != '\"')
return false;
Reported by FlawFinder.
include/trace/events/spmi.h
2 issues
Line: 32
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->sid = sid;
__entry->addr = addr;
__entry->len = len + 1;
memcpy(__get_dynamic_array(buf), buf, len + 1);
),
TP_printk("opc=%d sid=%02d addr=0x%04x len=%d buf=0x[%*phD]",
(int)__entry->opcode, (int)__entry->sid,
(int)__entry->addr, (int)__entry->len,
Reported by FlawFinder.
Line: 104
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->addr = addr;
__entry->ret = ret;
__entry->len = len + 1;
memcpy(__get_dynamic_array(buf), buf, len + 1);
),
TP_printk("opc=%d sid=%02d addr=0x%04x ret=%d len=%02d buf=0x[%*phD]",
(int)__entry->opcode, (int)__entry->sid,
(int)__entry->addr, __entry->ret, (int)__entry->len,
Reported by FlawFinder.
lib/kunit/executor_test.c
2 issues
Line: 29
Column: 34
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
kfree_at_end(test, filtered);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered[0]);
KUNIT_EXPECT_STREQ(test, (const char *)filtered[0]->name, "suite2");
KUNIT_EXPECT_FALSE(test, filtered[1]);
}
static void filter_subsuite_to_empty_test(struct kunit *test)
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
120
/* We normally never expect to allocate suites, hence the non-const cast. */
suite = kunit_kzalloc(test, sizeof(*suite), GFP_KERNEL);
strncpy((char *)suite->name, suite_name, sizeof(suite->name) - 1);
return suite;
}
Reported by FlawFinder.
include/trace/events/spi.h
2 issues
Line: 205
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->len = xfer->len;
if (spi_valid_txbuf(msg, xfer))
memcpy(__get_dynamic_array(tx_buf),
xfer->tx_buf, __get_dynamic_array_len(tx_buf));
if (spi_valid_rxbuf(msg, xfer))
memcpy(__get_dynamic_array(rx_buf),
xfer->rx_buf, __get_dynamic_array_len(rx_buf));
Reported by FlawFinder.
Line: 209
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
xfer->tx_buf, __get_dynamic_array_len(tx_buf));
if (spi_valid_rxbuf(msg, xfer))
memcpy(__get_dynamic_array(rx_buf),
xfer->rx_buf, __get_dynamic_array_len(rx_buf));
),
TP_printk("spi%d.%d %p len=%d tx=[%*phD] rx=[%*phD]",
__entry->bus_num, __entry->chip_select,
Reported by FlawFinder.
lib/kunit/string-stream.c
2 issues
Line: 85
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_copy(args_for_counting, args);
/* Need space for null byte. */
len = vsnprintf(NULL, 0, fmt, args_for_counting) + 1;
va_end(args_for_counting);
frag_container = alloc_string_stream_fragment(stream->test,
len,
Reported by FlawFinder.
Line: 95
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!frag_container)
return -ENOMEM;
len = vsnprintf(frag_container->fragment, len, fmt, args);
spin_lock(&stream->lock);
stream->length += len;
list_add_tail(&frag_container->node, &stream->fragments);
spin_unlock(&stream->lock);
Reported by FlawFinder.
include/uapi/linux/minix_fs.h
2 issues
Line: 100
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct minix_dir_entry {
__u16 inode;
char name[0];
};
struct minix3_dir_entry {
__u32 inode;
char name[0];
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct minix3_dir_entry {
__u32 inode;
char name[0];
};
#endif
Reported by FlawFinder.
include/net/nfc/hci.h
2 issues
Line: 16
Column: 8
CWE codes:
362
struct nfc_hci_dev;
struct nfc_hci_ops {
int (*open) (struct nfc_hci_dev *hdev);
void (*close) (struct nfc_hci_dev *hdev);
int (*load_session) (struct nfc_hci_dev *hdev);
int (*hci_ready) (struct nfc_hci_dev *hdev);
/*
* xmit must always send the complete buffer before
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nfc_hci_init_data {
u8 gate_count;
struct nfc_hci_gate gates[NFC_HCI_MAX_CUSTOM_GATES];
char session_id[9];
};
typedef int (*xmit) (struct sk_buff *skb, void *cb_data);
#define NFC_HCI_MAX_GATES 256
Reported by FlawFinder.