The following issues were found
include/linux/types.h
2 issues
Line: 197
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#else
unsigned long f_tinode;
#endif
char f_fname[6];
char f_fpack[6];
};
/**
* struct callback_head - callback structure for use with RCU and task_work
Reported by FlawFinder.
Line: 198
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long f_tinode;
#endif
char f_fname[6];
char f_fpack[6];
};
/**
* struct callback_head - callback structure for use with RCU and task_work
* @next: next update requests in a list
Reported by FlawFinder.
include/uapi/linux/caif/caif_socket.h
2 issues
Line: 149
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 type; /* type: enum caif_at_type */
} at; /* CAIFPROTO_AT */
struct {
char service[16];
} util; /* CAIFPROTO_UTIL */
union {
__u32 connection_id;
__u8 nsapi;
} dgm; /* CAIFPROTO_DATAGRAM(_LOOP)*/
Reported by FlawFinder.
Line: 157
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} dgm; /* CAIFPROTO_DATAGRAM(_LOOP)*/
struct {
__u32 connection_id;
char volume[16];
} rfm; /* CAIFPROTO_RFM */
struct {
__u8 type; /* type:enum caif_debug_type */
__u8 service; /* service:caif_debug_service */
} dbg; /* CAIFPROTO_DEBUG */
Reported by FlawFinder.
include/media/v4l2-subdev.h
2 issues
Line: 803
Column: 8
CWE codes:
362
struct v4l2_subdev_internal_ops {
int (*registered)(struct v4l2_subdev *sd);
void (*unregistered)(struct v4l2_subdev *sd);
int (*open)(struct v4l2_subdev *sd, struct v4l2_subdev_fh *fh);
int (*close)(struct v4l2_subdev *sd, struct v4l2_subdev_fh *fh);
void (*release)(struct v4l2_subdev *sd);
};
#define V4L2_SUBDEV_NAME_SIZE 32
Reported by FlawFinder.
Line: 895
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct v4l2_subdev_ops *ops;
const struct v4l2_subdev_internal_ops *internal_ops;
struct v4l2_ctrl_handler *ctrl_handler;
char name[V4L2_SUBDEV_NAME_SIZE];
u32 grp_id;
void *dev_priv;
void *host_priv;
struct video_device *devnode;
struct device *dev;
Reported by FlawFinder.
lib/test_firmware.c
2 issues
Line: 1044
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rc = -EINVAL;
goto out;
}
memcpy(buf, req->fw->data, req->fw->size);
rc = req->fw->size;
out:
mutex_unlock(&test_fw_mutex);
Reported by FlawFinder.
Line: 187
Column: 5
CWE codes:
126
int ret;
ret = __kstrncpy(&test_fw_config->name, TEST_FIRMWARE_NAME,
strlen(TEST_FIRMWARE_NAME), GFP_KERNEL);
if (ret < 0)
goto out;
test_fw_config->num_requests = TEST_FIRMWARE_NUM_REQS;
test_fw_config->send_uevent = true;
Reported by FlawFinder.
include/trace/events/bcache.h
2 issues
Line: 167
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
),
TP_fast_assign(
memcpy(__entry->uuid, c->set_uuid, 16);
__entry->inode = inode;
__entry->sector = bio->bi_iter.bi_sector;
__entry->nr_sector = bio->bi_iter.bi_size >> 9;
blk_fill_rwbs(__entry->rwbs, bio->bi_opf);
__entry->writeback = writeback;
Reported by FlawFinder.
Line: 203
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
),
TP_fast_assign(
memcpy(__entry->uuid, c->set_uuid, 16);
),
TP_printk("%pU", __entry->uuid)
);
Reported by FlawFinder.
mm/slab_common.c
2 issues
Line: 777
* kmalloc-32M.
*/
const struct kmalloc_info_struct kmalloc_info[] __initconst = {
INIT_KMALLOC_INFO(0, 0),
INIT_KMALLOC_INFO(96, 96),
INIT_KMALLOC_INFO(192, 192),
INIT_KMALLOC_INFO(8, 8),
INIT_KMALLOC_INFO(16, 16),
INIT_KMALLOC_INFO(32, 32),
Reported by Cppcheck.
Line: 1210
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret && p) {
/* Disable KASAN checks as the object's redzone is accessed. */
kasan_disable_current();
memcpy(ret, kasan_reset_tag(p), ks);
kasan_enable_current();
}
return ret;
}
Reported by FlawFinder.
include/uapi/linux/bpqether.h
2 issues
Line: 15
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SIOCSBPQETHADDR (SIOCDEVPRIVATE+1)
struct bpq_ethaddr {
unsigned char destination[ETH_ALEN];
unsigned char accept[ETH_ALEN];
};
/*
* For SIOCSBPQETHOPT - this is compatible with PI2/PacketTwin card drivers,
Reported by FlawFinder.
Line: 16
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bpq_ethaddr {
unsigned char destination[ETH_ALEN];
unsigned char accept[ETH_ALEN];
};
/*
* For SIOCSBPQETHOPT - this is compatible with PI2/PacketTwin card drivers,
* currently not implemented, though. If someone wants to hook a radio
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_string.h
2 issues
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xt_string_info {
__u16 from_offset;
__u16 to_offset;
char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
char pattern[XT_STRING_MAX_PATTERN_SIZE];
__u8 patlen;
union {
struct {
__u8 invert;
Reported by FlawFinder.
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 from_offset;
__u16 to_offset;
char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
char pattern[XT_STRING_MAX_PATTERN_SIZE];
__u8 patlen;
union {
struct {
__u8 invert;
} v0;
Reported by FlawFinder.
net/mac80211/tkip.c
2 issues
Line: 180
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_bh(&key->u.tkip.txlock);
ieee80211_compute_tkip_p1k(key, iv32);
memcpy(p1k, ctx->p1k, sizeof(ctx->p1k));
spin_unlock_bh(&key->u.tkip.txlock);
}
EXPORT_SYMBOL(ieee80211_get_tkip_p1k_iv);
void ieee80211_get_tkip_rx_p1k(struct ieee80211_key_conf *keyconf,
Reported by FlawFinder.
Line: 192
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct tkip_ctx ctx;
tkip_mixing_phase1(tk, &ctx, ta, iv32);
memcpy(p1k, ctx.p1k, sizeof(ctx.p1k));
}
EXPORT_SYMBOL(ieee80211_get_tkip_rx_p1k);
void ieee80211_get_tkip_p2k(struct ieee80211_key_conf *keyconf,
struct sk_buff *skb, u8 *p2k)
Reported by FlawFinder.
kernel/trace/trace_hwlat.c
2 issues
Line: 494
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int start_cpu_kthread(unsigned int cpu)
{
struct task_struct *kthread;
char comm[24];
snprintf(comm, 24, "hwlatd/%d", cpu);
kthread = kthread_create_on_cpu(kthread_fn, NULL, cpu, comm);
if (IS_ERR(kthread)) {
Reported by FlawFinder.
Line: 688
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct trace_array *tr = hwlat_trace;
const char *mode;
char buf[64];
int ret, i;
if (cnt >= sizeof(buf))
return -EINVAL;
Reported by FlawFinder.