The following issues were found
net/atm/common.c
2 issues
Line: 446
Column: 16
CWE codes:
362
vcc->qos.rxtp.max_pcr,
vcc->qos.rxtp.max_sdu);
if (dev->ops->open) {
error = dev->ops->open(vcc);
if (error)
goto fail;
}
return 0;
Reported by FlawFinder.
Line: 447
Column: 21
CWE codes:
362
vcc->qos.rxtp.max_sdu);
if (dev->ops->open) {
error = dev->ops->open(vcc);
if (error)
goto fail;
}
return 0;
Reported by FlawFinder.
kernel/sched/rt.c
2 issues
Line: 742
CWE codes:
908
if (unlikely(!scheduler_running))
return;
for_each_rt_rq(rt_rq, iter, rq) {
struct rt_bandwidth *rt_b = sched_rt_bandwidth(rt_rq);
s64 want;
int i;
raw_spin_lock(&rt_b->rt_runtime_lock);
Reported by Cppcheck.
Line: 826
CWE codes:
908
/*
* Reset each runqueue's bandwidth settings
*/
for_each_rt_rq(rt_rq, iter, rq) {
struct rt_bandwidth *rt_b = sched_rt_bandwidth(rt_rq);
raw_spin_lock(&rt_b->rt_runtime_lock);
raw_spin_lock(&rt_rq->rt_runtime_lock);
rt_rq->rt_runtime = rt_b->rt_runtime;
Reported by Cppcheck.
kernel/bpf/devmap.c
2 issues
Line: 832
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EEXIST;
/* already verified value_size <= sizeof val */
memcpy(&val, value, map->value_size);
if (!val.ifindex) {
dev = NULL;
/* can not specify fd if ifindex is 0 */
if (val.bpf_prog.fd > 0)
Reported by FlawFinder.
Line: 874
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int err = -EEXIST;
/* already verified value_size <= sizeof val */
memcpy(&val, value, map->value_size);
if (unlikely(map_flags > BPF_EXIST || !val.ifindex))
return -EINVAL;
spin_lock_irqsave(&dtab->index_lock, flags);
Reported by FlawFinder.
include/uapi/linux/atm.h
2 issues
Line: 209
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sockaddr_atmsvc {
unsigned short sas_family; /* address family, AF_ATMSVC */
struct { /* SVC address */
unsigned char prv[ATM_ESA_LEN];/* private ATM address */
char pub[ATM_E164_LEN+1]; /* public address (E.164) */
/* unused addresses must be bzero'ed */
char lij_type; /* role in LIJ call; one of ATM_LIJ* */
__u32 lij_id; /* LIJ call identifier */
} sas_addr __ATM_API_ALIGN; /* SVC address */
Reported by FlawFinder.
Line: 210
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short sas_family; /* address family, AF_ATMSVC */
struct { /* SVC address */
unsigned char prv[ATM_ESA_LEN];/* private ATM address */
char pub[ATM_E164_LEN+1]; /* public address (E.164) */
/* unused addresses must be bzero'ed */
char lij_type; /* role in LIJ call; one of ATM_LIJ* */
__u32 lij_id; /* LIJ call identifier */
} sas_addr __ATM_API_ALIGN; /* SVC address */
};
Reported by FlawFinder.
kernel/bpf/disasm.h
2 issues
Line: 17
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <string.h>
#endif
/*
 * String lookup tables with fixed element counts (16 and 8). Both the
 * pointer arrays and the strings they point to are const, so nothing is
 * copied into these objects; the bound that matters is the index a caller
 * uses to read them.
 * NOTE(review): presumably ALU-operation and instruction-class names,
 * inferred from the identifiers only - confirm against the definitions.
 */
extern const char *const bpf_alu_string[16];
extern const char *const bpf_class_string[8];
/*
 * NOTE(review): presumably maps a helper function id to its name; the
 * result for an out-of-range id is not visible here - confirm before
 * passing an unvalidated id.
 */
const char *func_id_name(int id);
typedef __printf(2, 3) void (*bpf_insn_print_t)(void *private_data,
Reported by FlawFinder.
Line: 18
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
/*
 * String lookup tables with fixed element counts (16 and 8). Both the
 * pointer arrays and the strings they point to are const, so nothing is
 * copied into these objects; the bound that matters is the index a caller
 * uses to read them.
 * NOTE(review): presumably ALU-operation and instruction-class names,
 * inferred from the identifiers only - confirm against the definitions.
 */
extern const char *const bpf_alu_string[16];
extern const char *const bpf_class_string[8];
/*
 * NOTE(review): presumably maps a helper function id to its name; the
 * result for an out-of-range id is not visible here - confirm before
 * passing an unvalidated id.
 */
const char *func_id_name(int id);
/*
 * Callback type taking an opaque pointer, a format string and variadic
 * arguments. __printf(2, 3) asks the compiler to check the variadic
 * arguments (from position 3) against the format string in position 2,
 * which catches mismatched specifiers at build time.
 */
typedef __printf(2, 3) void (*bpf_insn_print_t)(void *private_data,
const char *, ...);
Reported by FlawFinder.
ipc/sem.c
2 issues
Line: 411
CWE codes:
476
*
* Both facts are tracked by use_global_mode.
*/
idx = array_index_nospec(sops->sem_num, sma->sem_nsems);
sem = &sma->sems[idx];
/*
* Initial check for use_global_lock. Just an optimization,
* no locking, no memory barrier.
Reported by Cppcheck.
Line: 428
CWE codes:
476
/* see SEM_BARRIER_1 for purpose/pairing */
if (!smp_load_acquire(&sma->use_global_lock)) {
/* fast path successful! */
return sops->sem_num;
}
spin_unlock(&sem->lock);
}
/* slow path: acquire the full lock */
Reported by Cppcheck.
ipc/msgutil.c
2 issues
Line: 128
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ERR_PTR(-EINVAL);
alen = min(len, DATALEN_MSG);
memcpy(dst + 1, src + 1, alen);
for (dst_pseg = dst->next, src_pseg = src->next;
src_pseg != NULL;
dst_pseg = dst_pseg->next, src_pseg = src_pseg->next) {
Reported by FlawFinder.
Line: 136
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len -= alen;
alen = min(len, DATALEN_SEG);
memcpy(dst_pseg + 1, src_pseg + 1, alen);
}
dst->m_type = src->m_type;
dst->m_ts = src->m_ts;
Reported by FlawFinder.
include/uapi/linux/rose.h
2 issues
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ROSE_SHIP_ABSENT 0x39
/*
 * ROSE address: a fixed 5-byte array and nothing else, so the length is
 * implied by the type. It is embedded by value in struct sockaddr_rose in
 * this uapi header.
 * NOTE(review): presumably raw address bytes rather than a C string -
 * confirm against the code that fills it in. Copy and compare it with an
 * explicit sizeof() bound; string functions would rely on a NUL terminator
 * that nothing in this type guarantees.
 */
typedef struct {
char rose_addr[5];
} rose_address;
struct sockaddr_rose {
__kernel_sa_family_t srose_family;
rose_address srose_addr;
Reported by FlawFinder.
Line: 70
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rose_address address;
unsigned short mask;
ax25_address neighbour;
char device[16];
unsigned char ndigis;
ax25_address digipeaters[AX25_MAX_DIGIS];
};
struct rose_cause_struct {
Reported by FlawFinder.
net/atm/lec_arpc.h
2 issues
Line: 16
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lec_arp_table {
struct hlist_node next; /* Linked entry list */
unsigned char atm_addr[ATM_ESA_LEN]; /* Atm address */
unsigned char mac_addr[ETH_ALEN]; /* Mac address */
int is_rdesc; /* Mac address is a route descriptor */
struct atm_vcc *vcc; /* Vcc this entry is attached */
struct atm_vcc *recv_vcc; /* Vcc we receive data from */
Reported by FlawFinder.
Line: 17
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lec_arp_table {
struct hlist_node next; /* Linked entry list */
unsigned char atm_addr[ATM_ESA_LEN]; /* Atm address */
unsigned char mac_addr[ETH_ALEN]; /* Mac address */
int is_rdesc; /* Mac address is a route descriptor */
struct atm_vcc *vcc; /* Vcc this entry is attached */
struct atm_vcc *recv_vcc; /* Vcc we receive data from */
void (*old_push) (struct atm_vcc *vcc, struct sk_buff *skb);
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_IDLETIMER.h
2 issues
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * IDLETIMER target parameters. The definition lives in a uapi header, so
 * the kernel side should treat every field as caller-supplied until it has
 * been validated.
 */
struct idletimer_tg_info {
/* NOTE(review): unit of the timeout is not visible here - confirm. */
__u32 timeout;
/*
 * Fixed-size label buffer. The declaration alone does not guarantee NUL
 * termination. NOTE(review): confirm the consumer checks for a terminator
 * within MAX_IDLETIMER_LABEL_SIZE bytes before using label as a string.
 */
char label[MAX_IDLETIMER_LABEL_SIZE];
/* for kernel module internal use only */
/*
 * The pointer is still part of the user-visible layout, and aligned(8)
 * fixes its alignment within the struct. NOTE(review): confirm the kernel
 * always overwrites this field and never dereferences a value that was
 * passed in.
 */
struct idletimer_tg *timer __attribute__((aligned(8)));
};
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct idletimer_tg_info_v1 {
__u32 timeout;
char label[MAX_IDLETIMER_LABEL_SIZE];
__u8 send_nl_msg; /* unused: for compatibility with Android */
__u8 timer_type;
/* for kernel module internal use only */
Reported by FlawFinder.