The following issues were found
include/uapi/linux/uinput.h
2 issues
Line: 69
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct uinput_setup {
struct input_id id;
char name[UINPUT_MAX_NAME_SIZE];
__u32 ff_effects_max;
};
/**
* UI_DEV_SETUP - Set device parameters for setup
Reported by FlawFinder.
Line: 224
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define UI_FF_ERASE 2
struct uinput_user_dev {
char name[UINPUT_MAX_NAME_SIZE];
struct input_id id;
__u32 ff_effects_max;
__s32 absmax[ABS_CNT];
__s32 absmin[ABS_CNT];
__s32 absfuzz[ABS_CNT];
Reported by FlawFinder.
net/bluetooth/selftest.c
2 issues
Line: 184
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
static char test_ecdh_buffer[32];
static ssize_t test_ecdh_read(struct file *file, char __user *user_buf,
size_t count, loff_t *ppos)
{
return simple_read_from_buffer(user_buf, count, ppos, test_ecdh_buffer,
Reported by FlawFinder.
Line: 190
Column: 12
CWE codes:
126
size_t count, loff_t *ppos)
{
return simple_read_from_buffer(user_buf, count, ppos, test_ecdh_buffer,
strlen(test_ecdh_buffer));
}
static const struct file_operations test_ecdh_fops = {
.open = simple_open,
.read = test_ecdh_read,
Reported by FlawFinder.
include/uapi/linux/dvb/ca.h
2 issues
Line: 119
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int index;
unsigned int type;
unsigned int length;
unsigned char msg[256];
};
/**
* struct ca_descr - CA descrambler control words info
*
Reported by FlawFinder.
Line: 132
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ca_descr {
unsigned int index;
unsigned int parity;
unsigned char cw[8];
};
#define CA_RESET _IO('o', 128)
#define CA_GET_CAP _IOR('o', 129, struct ca_caps)
#define CA_GET_SLOT_INFO _IOR('o', 130, struct ca_slot_info)
Reported by FlawFinder.
mm/hugetlb_cgroup.c
2 issues
Line: 620
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init __hugetlb_cgroup_file_dfl_init(int idx)
{
char buf[32];
struct cftype *cft;
struct hstate *h = &hstates[idx];
/* format the size */
mem_fmt(buf, sizeof(buf), huge_page_size(h));
Reported by FlawFinder.
Line: 684
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init __hugetlb_cgroup_file_legacy_init(int idx)
{
char buf[32];
struct cftype *cft;
struct hstate *h = &hstates[idx];
/* format the size */
mem_fmt(buf, sizeof(buf), huge_page_size(h));
Reported by FlawFinder.
kernel/time/timecounter.c
2 issues
Line: 13
Column: 23
CWE codes:
120
20
u64 start_tstamp)
{
tc->cc = cc;
tc->cycle_last = cc->read(cc);
tc->nsec = start_tstamp;
tc->mask = (1ULL << cc->shift) - 1;
tc->frac = 0;
}
EXPORT_SYMBOL_GPL(timecounter_init);
Reported by FlawFinder.
Line: 37
Column: 22
CWE codes:
120
20
u64 ns_offset;
/* read cycle counter: */
cycle_now = tc->cc->read(tc->cc);
/* calculate the delta since the last timecounter_read_delta(): */
cycle_delta = (cycle_now - tc->cycle_last) & tc->cc->mask;
/* convert to nanoseconds: */
Reported by FlawFinder.
net/ipv6/ipcomp6.c
2 issues
Line: 88
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!t->id.spi)
goto error;
memcpy(t->id.daddr.a6, x->id.daddr.a6, sizeof(struct in6_addr));
memcpy(&t->sel, &x->sel, sizeof(t->sel));
t->props.family = AF_INET6;
t->props.mode = x->props.mode;
memcpy(t->props.saddr.a6, x->props.saddr.a6, sizeof(struct in6_addr));
memcpy(&t->mark, &x->mark, sizeof(t->mark));
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&t->sel, &x->sel, sizeof(t->sel));
t->props.family = AF_INET6;
t->props.mode = x->props.mode;
memcpy(t->props.saddr.a6, x->props.saddr.a6, sizeof(struct in6_addr));
memcpy(&t->mark, &x->mark, sizeof(t->mark));
t->if_id = x->if_id;
if (xfrm_init_state(t))
goto error;
Reported by FlawFinder.
net/ipv6/mcast.c
2 issues
Line: 666
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void igmp6_group_added(struct ifmcaddr6 *mc)
{
struct net_device *dev = mc->idev->dev;
char buf[MAX_ADDR_LEN];
if (IPV6_ADDR_MC_SCOPE(&mc->mca_addr) <
IPV6_ADDR_SCOPE_LINKLOCAL)
return;
Reported by FlawFinder.
Line: 701
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void igmp6_group_dropped(struct ifmcaddr6 *mc)
{
struct net_device *dev = mc->idev->dev;
char buf[MAX_ADDR_LEN];
if (IPV6_ADDR_MC_SCOPE(&mc->mca_addr) <
IPV6_ADDR_SCOPE_LINKLOCAL)
return;
Reported by FlawFinder.
net/bpfilter/main.c
2 issues
Line: 58
Column: 12
CWE codes:
362
int main(void)
{
debug_f = fopen("/dev/kmsg", "w");
setvbuf(debug_f, 0, _IOLBF, 0);
fprintf(debug_f, "<5>Started bpfilter\n");
loop();
fclose(debug_f);
return 0;
Reported by FlawFinder.
net/bridge/br_fdb.c
2 issues
Line: 489
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* convert from internal format to API */
memcpy(fe->mac_addr, f->key.addr.addr, ETH_ALEN);
/* due to ABI compat need to split into hi/lo */
fe->port_no = f->dst->port_no;
fe->port_hi = f->dst->port_no >> 8;
Reported by FlawFinder.
Line: 516
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fdb = kmem_cache_alloc(br_fdb_cache, GFP_ATOMIC);
if (fdb) {
memcpy(fdb->key.addr.addr, addr, ETH_ALEN);
WRITE_ONCE(fdb->dst, source);
fdb->key.vlan_id = vid;
fdb->flags = flags;
fdb->updated = fdb->used = jiffies;
if (rhashtable_lookup_insert_fast(&br->fdb_hash_tbl,
Reported by FlawFinder.
include/uapi/linux/nilfs2_ondisk.h
2 issues
Line: 191
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le16 s_segment_usage_size; /* Size of a segment usage */
/*98*/ __u8 s_uuid[16]; /* 128-bit uuid for volume */
/*A8*/ char s_volume_name[80]; /* volume name */
/*F8*/ __le32 s_c_interval; /* Commit interval of segment */
__le32 s_c_block_max; /*
* Threshold of data amount for
* the segment construction
Reported by FlawFinder.
Line: 305
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le16 rec_len; /* Directory entry length */
__u8 name_len; /* Name length */
__u8 file_type; /* Dir entry type (file, dir, etc) */
char name[NILFS_NAME_LEN]; /* File name */
char pad;
};
/*
* NILFS directory file types. Only the low 3 bits are used. The
Reported by FlawFinder.