The following issues were found
include/uapi/linux/nfs_mount.h
2 issues
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int acdirmin; /* 1 */
int acdirmax; /* 1 */
struct sockaddr_in addr; /* 1 */
char hostname[NFS_MAXNAMLEN + 1]; /* 1 */
int namlen; /* 2 */
unsigned int bsize; /* 3 */
struct nfs3_fh root; /* 4 */
int pseudoflavor; /* 5 */
char context[NFS_MAX_CONTEXT_LEN + 1]; /* 6 */
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int bsize; /* 3 */
struct nfs3_fh root; /* 4 */
int pseudoflavor; /* 5 */
char context[NFS_MAX_CONTEXT_LEN + 1]; /* 6 */
};
/* bits in the flags field visible to user space */
#define NFS_MOUNT_SOFT 0x0001 /* 1 */
Reported by FlawFinder.
lib/crypto/blake2s-generic.c
2 issues
Line: 52
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (nblocks > 0) {
blake2s_increment_counter(state, inc);
memcpy(m, block, BLAKE2S_BLOCK_SIZE);
le32_to_cpu_array(m, ARRAY_SIZE(m));
memcpy(v, state->h, 32);
v[ 8] = BLAKE2S_IV0;
v[ 9] = BLAKE2S_IV1;
v[10] = BLAKE2S_IV2;
Reported by FlawFinder.
Line: 54
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
blake2s_increment_counter(state, inc);
memcpy(m, block, BLAKE2S_BLOCK_SIZE);
le32_to_cpu_array(m, ARRAY_SIZE(m));
memcpy(v, state->h, 32);
v[ 8] = BLAKE2S_IV0;
v[ 9] = BLAKE2S_IV1;
v[10] = BLAKE2S_IV2;
v[11] = BLAKE2S_IV3;
v[12] = BLAKE2S_IV4 ^ state->t[0];
Reported by FlawFinder.
lib/crypto/blake2s.c
2 issues
Line: 52
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
blake2s_update(&state, key, keylen);
blake2s_final(&state, x_key);
} else
memcpy(x_key, key, keylen);
for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i)
x_key[i] ^= 0x36;
blake2s_init(&state, BLAKE2S_HASH_SIZE);
Reported by FlawFinder.
Line: 70
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE);
blake2s_final(&state, i_hash);
memcpy(out, i_hash, BLAKE2S_HASH_SIZE);
memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE);
memzero_explicit(i_hash, BLAKE2S_HASH_SIZE);
}
EXPORT_SYMBOL(blake2s256_hmac);
Reported by FlawFinder.
lib/test_meminit.c
2 issues
Line: 245
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
buf_copy = kmalloc(size, GFP_ATOMIC);
if (buf_copy)
memcpy(buf_copy, buf, size);
kmem_cache_free(c, buf);
/*
* Check that |buf| is intact after kmem_cache_free().
* |want_zero| is false, because we wrote garbage to
Reported by FlawFinder.
Line: 292
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kfree(buf_contents);
goto out;
}
memcpy(buf_contents, buf, size);
kmem_cache_free(c, buf);
/*
* Run for a fixed number of iterations. If we never hit saved_ptr,
* assume the test passes.
*/
Reported by FlawFinder.
net/core/dev_addr_lists.c
2 issues
Line: 33
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ha = kmalloc(alloc_size, GFP_ATOMIC);
if (!ha)
return -ENOMEM;
memcpy(ha->addr, addr, addr_len);
ha->type = addr_type;
ha->refcount = 1;
ha->global_use = global;
ha->synced = sync ? 1 : 0;
ha->sync_cnt = 0;
Reported by FlawFinder.
Line: 456
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
int dev_addr_init(struct net_device *dev)
{
unsigned char addr[MAX_ADDR_LEN];
struct netdev_hw_addr *ha;
int err;
/* rtnl_mutex must be held here */
Reported by FlawFinder.
lib/test_objagg.c
2 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct world {
unsigned int root_count;
unsigned int delta_count;
char next_root_buf[BUF_LEN];
struct objagg_obj *objagg_objs[NUM_KEYS];
unsigned int key_refs[NUM_KEYS];
};
struct root {
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct root {
struct tokey key;
char buf[BUF_LEN];
};
struct delta {
unsigned int key_id_diff;
};
Reported by FlawFinder.
include/media/davinci/vpbe_osd.h
2 issues
Line: 305
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned colorkey;
int rec601_attenuation;
/* index is pixel value */
unsigned char palette_map[16];
};
/* hardware rectangular cursor parameters */
struct osd_cursor_state {
int is_enabled;
Reported by FlawFinder.
Line: 368
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* YCbCrI or YCrCbI */
enum osd_pix_format yc_pixfmt;
/* columns are Y, Cb, Cr */
unsigned char clut_ram[256][3];
struct osd_cursor_state cursor;
/* OSD0, VID0, OSD1, VID1 */
struct osd_window_state win[4];
/* OSD0, OSD1 */
struct osd_osdwin_state osdwin[2];
Reported by FlawFinder.
kernel/trace/preemptirq_delay_test.c
2 issues
Line: 22
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/completion.h>
static ulong delay = 100;
static char test_mode[12] = "irq";
static uint burst_size = 1;
static int cpu_affinity = -1;
module_param_named(delay, delay, ulong, 0444);
module_param_string(test_mode, test_mode, 12, 0444);
Reported by FlawFinder.
Line: 150
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int preemptirq_run_test(void)
{
struct task_struct *task;
char task_name[50];
init_completion(&done);
snprintf(task_name, sizeof(task_name), "%s_test", test_mode);
task = kthread_run(preemptirq_delay_run, NULL, task_name);
Reported by FlawFinder.
net/netfilter/ipset/ip_set_hash_mac.c
2 issues
Line: 77
enum ipset_adt adt, struct ip_set_adt_opt *opt)
{
ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_mac4_elem e = { { .foo[0] = 0, .foo[1] = 0 } };
struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set);
if (skb_mac_header(skb) < skb->head ||
(skb_mac_header(skb) + ETH_HLEN) > skb->data)
return -EINVAL;
Reported by Cppcheck.
Line: 33
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hash_mac4_elem {
/* Zero valued IP addresses cannot be stored */
union {
unsigned char ether[ETH_ALEN];
__be32 foo[2];
};
};
/* Common functions */
Reported by FlawFinder.
include/media/cec.h
2 issues
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct cec_adapter {
struct module *owner;
char name[32];
struct cec_devnode devnode;
struct mutex lock;
struct rc_dev *rc;
struct list_head transmit_queue;
Reported by FlawFinder.
Line: 254
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 sequence;
char input_phys[32];
};
static inline void *cec_get_drvdata(const struct cec_adapter *adap)
{
return adap->priv;
Reported by FlawFinder.