The following issues were found
mm/vmpressure.c
2 issues
Line: 342
Column: 55
CWE codes:
126
vmpressure(gfp, memcg, true, vmpressure_win, 0);
}
/*
 * NOTE(review): both strlen() arguments are string literals, which are
 * always NUL-terminated, so the unterminated-string over-read behind the
 * CWE-126 finding cannot happen on this line.
 * The "+ 2" presumably covers a separator and the terminating NUL --
 * confirm at the use site, which is not part of this excerpt.
 */
#define MAX_VMPRESSURE_ARGS_LEN (strlen("critical") + strlen("hierarchy") + 2)
/**
* vmpressure_register_event() - Bind vmpressure notifications to an eventfd
* @memcg: memcg that is interested in vmpressure notifications
* @eventfd: eventfd context to link notifications with
Reported by FlawFinder.
Line: 342
Column: 34
CWE codes:
126
vmpressure(gfp, memcg, true, vmpressure_win, 0);
}
/*
 * NOTE(review): strlen() is applied only to the literals "critical" and
 * "hierarchy" here; a literal always carries its terminating NUL, so the
 * CWE-126 over-read flagged for this line has no unterminated input to act on.
 * What the macro's value is compared against or used to size is not shown
 * in this excerpt -- check the caller before closing the finding.
 */
#define MAX_VMPRESSURE_ARGS_LEN (strlen("critical") + strlen("hierarchy") + 2)
/**
* vmpressure_register_event() - Bind vmpressure notifications to an eventfd
* @memcg: memcg that is interested in vmpressure notifications
* @eventfd: eventfd context to link notifications with
Reported by FlawFinder.
net/ceph/debugfs.c
2 issues
Line: 82
Column: 3
CWE codes:
119
120
Suggestion:
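Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line appears to be the declaration char sb[64]; the only use shown passes sizeof(sb) together with the buffer to ceph_osdmap_state_str(), so what remains to verify is that the callee honours that length.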
for (i = 0; i < map->max_osd; i++) {
struct ceph_entity_addr *addr = &map->osd_addr[i];
u32 state = map->osd_state[i];
char sb[64];
seq_printf(s, "osd%d\t%s\t%3d%%\t(%s)\t%3d%%\t%2d\n",
i, ceph_pr_addr(addr),
((map->osd_weight[i]*100) >> 16),
ceph_osdmap_state_str(sb, sizeof(sb), state),
Reported by FlawFinder.
Line: 409
Column: 2
CWE codes:
119
120
Suggestion:
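Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line appears to be the declaration char name[80]; the write shown goes through snprintf() with sizeof(name), so an over-long result would be truncated rather than written past the buffer.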
void ceph_debugfs_client_init(struct ceph_client *client)
{
char name[80];
snprintf(name, sizeof(name), "%pU.client%lld", &client->fsid,
client->monc.auth->global_id);
dout("ceph_debugfs_client_init %p %s\n", client, name);
Reported by FlawFinder.
mm/vmscan.c
2 issues
Line: 238
Column: 3
CWE codes:
120
Suggestion:
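Make sure destination can always hold the source data
Triage note: the memset that follows clears defer_size - old_defer_size bytes starting at offset old_defer_size, which suggests new->nr_deferred holds defer_size bytes; the allocation is outside this excerpt, so the condition to confirm is that it does and that old_defer_size <= defer_size.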
memset(new->map, (int)0xff, old_map_size);
memset((void *)new->map + old_map_size, 0, map_size - old_map_size);
/* nr_deferred: copy old values, clear all new values */
memcpy(new->nr_deferred, old->nr_deferred, old_defer_size);
memset((void *)new->nr_deferred + old_defer_size, 0,
defer_size - old_defer_size);
rcu_assign_pointer(pn->shrinker_info, new);
kvfree_rcu(old, rcu);
Reported by FlawFinder.
Line: 2662
Column: 2
CWE codes:
120
Suggestion:
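Make sure destination can always hold the source data
Triage note: the length is sizeof(nr), the size of the source, so (assuming nr is an array rather than a pointer) the copy is in bounds only if targets is declared at least as large as nr; neither declaration is in this excerpt.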
get_scan_count(lruvec, sc, nr);
/* Record the original scan target for proportional adjustments later */
memcpy(targets, nr, sizeof(nr));
/*
* Global reclaiming within direct reclaim at DEF_PRIORITY is a normal
* event that can occur when there is little memory pressure e.g.
* multiple streaming readers/writers. Hence, we do not abort scanning
Reported by FlawFinder.
include/media/media-devnode.h
2 issues
Line: 54
Column: 8
CWE codes:
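362
Triage note: line 54, column 8 appears to land on the member name in int (*open) (struct file *), a function-pointer field of a struct rather than a call that opens a file, so the file-open race that CWE-362 describes does not apply to this line; the next finding (line 49, column 12) appears to match the member name in ssize_t (*read) the same way.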
__poll_t (*poll) (struct file *, struct poll_table_struct *);
long (*ioctl) (struct file *, unsigned int, unsigned long);
long (*compat_ioctl) (struct file *, unsigned int, unsigned long);
int (*open) (struct file *);
int (*release) (struct file *);
};
/**
* struct media_devnode - Media device node
Reported by FlawFinder.
Line: 49
Column: 12
CWE codes:
120
20
*/
struct media_file_operations {
struct module *owner;
ssize_t (*read) (struct file *, char __user *, size_t, loff_t *);
ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *);
__poll_t (*poll) (struct file *, struct poll_table_struct *);
long (*ioctl) (struct file *, unsigned int, unsigned long);
long (*compat_ioctl) (struct file *, unsigned int, unsigned long);
int (*open) (struct file *);
Reported by FlawFinder.
mm/z3fold.c
2 issues
Line: 724
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_fail;
}
new_zhdr->foreign_handles++;
memcpy(q, p, sz);
write_lock(&zhdr->slots->lock);
*(unsigned long *)old_handle = (unsigned long)new_zhdr +
__idx(new_zhdr, new_bud);
if (new_bud == LAST)
*(unsigned long *)old_handle |=
Reported by FlawFinder.
Line: 1628
Column: 2
CWE codes:
120
Suggestion:
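Make sure destination can always hold the source data
Triage note: the destination is page_address(newpage), so a PAGE_SIZE copy fits as long as newpage is a single page; the excerpt does not show that zhdr also points at the start of a page, which is what bounds the read side.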
return -EAGAIN;
}
new_zhdr = page_address(newpage);
memcpy(new_zhdr, zhdr, PAGE_SIZE);
newpage->private = page->private;
page->private = 0;
z3fold_page_unlock(zhdr);
spin_lock_init(&new_zhdr->page_lock);
INIT_WORK(&new_zhdr->work, compact_page_work);
Reported by FlawFinder.
include/target/iscsi/iscsi_target_stat.h
2 issues
Line: 36
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 cxn_timeout_errors;
u32 pdu_format_errors;
u32 last_sess_failure_type;
char last_sess_fail_rem_name[ISCSI_IQN_LEN];
} ____cacheline_aligned;
/* iSCSI login failure types (sub oids) */
#define ISCSI_LOGIN_FAIL_OTHER 2
#define ISCSI_LOGIN_FAIL_REDIRECT 3
Reported by FlawFinder.
Line: 59
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 last_fail_type;
int last_intr_fail_ip_family;
struct sockaddr_storage last_intr_fail_sockaddr;
char last_intr_fail_name[ISCSI_IQN_LEN];
} ____cacheline_aligned;
/* iSCSI logout stats */
struct iscsi_logout_stats {
spinlock_t lock;
Reported by FlawFinder.
include/sound/vx_core.h
2 issues
Line: 183
Column: 11
CWE codes:
119
120
Suggestion:
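Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: column 11 on line 183 appears to be unsigned char audio_active[4], and on line 185 (the next finding) unsigned char audio_monitor_active[4]; their comments describe mute/unmute state rather than strings, so string-length concerns do not apply and the check that matters is that every index into them stays below 4.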
/* mixer setting */
int output_level[VX_MAX_CODECS][2]; /* analog output level */
int audio_gain[2][4]; /* digital audio level (playback/capture) */
unsigned char audio_active[4]; /* mute/unmute on digital playback */
int audio_monitor[4]; /* playback hw-monitor level */
unsigned char audio_monitor_active[4]; /* playback hw-monitor mute/unmute */
struct mutex mixer_mutex;
Reported by FlawFinder.
Line: 185
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int audio_gain[2][4]; /* digital audio level (playback/capture) */
unsigned char audio_active[4]; /* mute/unmute on digital playback */
int audio_monitor[4]; /* playback hw-monitor level */
unsigned char audio_monitor_active[4]; /* playback hw-monitor mute/unmute */
struct mutex mixer_mutex;
const struct firmware *firmware[4]; /* loaded firmware data */
};
Reported by FlawFinder.
include/media/dvb_frontend.h
2 issues
Line: 89
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @bandwidth_step: frontend bandwidth step
*/
struct dvb_tuner_info {
char name[128];
u32 frequency_min_hz;
u32 frequency_max_hz;
u32 frequency_step_hz;
Reported by FlawFinder.
Line: 339
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* as specified in &enum fe_caps.
*/
struct dvb_frontend_internal_info {
char name[128];
u32 frequency_min_hz;
u32 frequency_max_hz;
u32 frequency_stepsize_hz;
u32 frequency_tolerance_hz;
u32 symbol_rate_min;
Reported by FlawFinder.
net/mac802154/llsec.c
2 issues
Line: 603
Column: 2
CWE codes:
120
Suggestion:
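Make sure destination can always hold the source data
Triage note: the offsets shown (iv + 1, iv + 9, then iv[13] to iv[15]) are consistent with a 16-byte iv, an 8-byte addr_bytes and the 4-byte __be32 frame_counter; the declarations of iv and addr_bytes are outside this excerpt, so those two sizes are what to confirm for this finding and the next one (line 604).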
__be32 frame_counter = (__force __be32) swab32((__force u32) sec->frame_counter);
iv[0] = 1; /* L' = L - 1 = 1 */
memcpy(iv + 1, &addr_bytes, sizeof(addr_bytes));
memcpy(iv + 9, &frame_counter, sizeof(frame_counter));
iv[13] = sec->level;
iv[14] = 0;
iv[15] = 1;
}
Reported by FlawFinder.
Line: 604
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iv[0] = 1; /* L' = L - 1 = 1 */
memcpy(iv + 1, &addr_bytes, sizeof(addr_bytes));
memcpy(iv + 9, &frame_counter, sizeof(frame_counter));
iv[13] = sec->level;
iv[14] = 0;
iv[15] = 1;
}
Reported by FlawFinder.
include/uapi/linux/blkpg.h
2 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
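Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: this finding and the next one (line 33) flag the devname and volname declarations, which their own comments mark as unused / ignored; because the header sits under include/uapi, what to confirm is that no kernel-side consumer reads either field as a NUL-terminated string.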
long long start; /* starting offset in bytes */
long long length; /* length in bytes */
int pno; /* partition number */
char devname[BLKPG_DEVNAMELTH]; /* unused / ignored */
char volname[BLKPG_VOLNAMELTH]; /* unused / ignore */
};
#endif /* _UAPI__LINUX_BLKPG_H */
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long long length; /* length in bytes */
int pno; /* partition number */
char devname[BLKPG_DEVNAMELTH]; /* unused / ignored */
char volname[BLKPG_VOLNAMELTH]; /* unused / ignore */
};
#endif /* _UAPI__LINUX_BLKPG_H */
Reported by FlawFinder.