The following issues were found
include/uapi/linux/gfs2_ondisk.h
2 issues
Line: 128
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Excerpt from the middle of a struct in a UAPI on-disk layout header; the
 * struct's opening line is outside this excerpt. Only declarations are
 * visible here, so any CWE-119/120 exposure would be in the code that fills
 * or reads these arrays, not on these lines.
 */
struct gfs2_inum __pad2; /* Was rindex dinode in gfs1 */
struct gfs2_inum sb_root_dir;
/*
 * Two fixed-width name fields of GFS2_LOCKNAME_LEN bytes each.
 * NOTE(review): the contents presumably come from the on-disk superblock, so
 * readers should not assume a terminating NUL inside the array - confirm at
 * the use sites and bound every copy by GFS2_LOCKNAME_LEN.
 */
char sb_lockproto[GFS2_LOCKNAME_LEN];
char sb_locktable[GFS2_LOCKNAME_LEN];
struct gfs2_inum __pad3; /* Was quota inode in gfs1 */
struct gfs2_inum __pad4; /* Was licence inode in gfs1 */
#define GFS2_HAS_UUID 1
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Member declarations from inside a struct whose opening line is not part of
 * this excerpt. Nothing is copied on these lines; the flagged arrays are
 * storage only.
 */
struct gfs2_inum sb_root_dir;
/*
 * Lock protocol and lock table names, each GFS2_LOCKNAME_LEN bytes wide.
 * NOTE(review): code that treats these as C strings needs its own guarantee
 * of NUL termination within the field - verify where they are parsed.
 */
char sb_lockproto[GFS2_LOCKNAME_LEN];
char sb_locktable[GFS2_LOCKNAME_LEN];
struct gfs2_inum __pad3; /* Was quota inode in gfs1 */
struct gfs2_inum __pad4; /* Was licence inode in gfs1 */
#define GFS2_HAS_UUID 1
__u8 sb_uuid[16]; /* The UUID, maybe 0 for backwards compat */
Reported by FlawFinder.
net/rds/connection.c
2 issues
Line: 751
Column: 2
CWE codes:
120
/* Only the last 32-bit word (s6_addr32[3]) of each address is copied out. */
cinfo->laddr = conn->c_laddr.s6_addr32[3];
cinfo->faddr = conn->c_faddr.s6_addr32[3];
cinfo->tos = conn->c_tos;
/*
 * The copy length is the destination size, so cinfo->transport cannot be
 * overrun. strncpy() zero-fills the tail when t_name is shorter, but writes
 * no terminating NUL when t_name is sizeof(cinfo->transport) bytes or longer.
 * NOTE(review): confirm every t_name is shorter than the field, or that
 * consumers treat it as fixed-width; strscpy_pad() would give both
 * termination and padding.
 */
strncpy(cinfo->transport, conn->c_trans->t_name,
sizeof(cinfo->transport));
/* Flags start empty; rds_conn_info_set() is defined outside this excerpt. */
cinfo->flags = 0;
rds_conn_info_set(cinfo->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
SENDING);
Reported by FlawFinder.
Line: 777
Column: 2
CWE codes:
120
cinfo6->next_rx_seq = cp->cp_next_rx_seq;
/* Both addresses are copied whole by struct assignment. */
cinfo6->laddr = conn->c_laddr;
cinfo6->faddr = conn->c_faddr;
/*
 * Bounded by sizeof(cinfo6->transport), so no write past the field. The
 * remaining concern is termination: strncpy() leaves the field without a NUL
 * if t_name fills it completely. NOTE(review): check the length of t_name
 * against the field size, and whether the reader of cinfo6 relies on a
 * terminator; strscpy_pad() terminates and still zero-pads.
 */
strncpy(cinfo6->transport, conn->c_trans->t_name,
sizeof(cinfo6->transport));
/* Cleared before individual bits are set by the helper below. */
cinfo6->flags = 0;
rds_conn_info_set(cinfo6->flags, test_bit(RDS_IN_XMIT, &cp->cp_flags),
SENDING);
Reported by FlawFinder.
kernel/cgroup/rstat.c
2 issues
Line: 261
CWE codes:
908
/* ->updated_children list is self terminated */
/*
 * For every possible CPU, point that CPU's updated_children at cgrp itself
 * and initialise its bsync.
 * NOTE(review): `cpu` is declared outside this excerpt and is assigned by
 * for_each_possible_cpu(); the CWE-908 report presumably comes from the
 * analyzer not expanding that macro - confirm against its definition.
 */
for_each_possible_cpu(cpu) {
struct cgroup_rstat_cpu *rstatc = cgroup_rstat_cpu(cgrp, cpu);
rstatc->updated_children = cgrp;
u64_stats_init(&rstatc->bsync);
}
Reported by Cppcheck.
Line: 278
CWE codes:
908
/* sanity check */
/*
 * Warn once and return early if any CPU's updated_children no longer points
 * back at cgrp, or if its updated_next is set.
 * NOTE(review): `cpu` is the iterator written by for_each_possible_cpu() and
 * is declared outside this excerpt; the uninitialised-use report (CWE-908)
 * should be checked against the macro before being treated as a defect.
 */
for_each_possible_cpu(cpu) {
struct cgroup_rstat_cpu *rstatc = cgroup_rstat_cpu(cgrp, cpu);
if (WARN_ON_ONCE(rstatc->updated_children != cgrp) ||
WARN_ON_ONCE(rstatc->updated_next))
return;
}
Reported by Cppcheck.
include/xen/interface/io/fbif.h
2 issues
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Members of an aggregate whose opening line is outside this excerpt
 * (presumably a union, like xenfb_in_event in the same header - confirm).
 * These are declarations only; no data is copied here.
 */
uint8_t type;
struct xenfb_update update;
struct xenfb_resize resize;
/*
 * Sizing member of XENFB_OUT_EVENT_SIZE bytes. NOTE(review): code that reads
 * an event should use the typed members and the fixed event size rather than
 * treat pad as a string.
 */
char pad[XENFB_OUT_EVENT_SIZE];
};
/* In events (backend -> frontend) */
/*
Reported by FlawFinder.
Line: 87
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Event with a one-byte type and a padding array. With only the one-byte
 * member beside it, pad determines the size of the union:
 * XENFB_IN_EVENT_SIZE bytes. This is a declaration only; the CWE-119/120
 * report applies to any code that writes into pad, none of which is visible
 * in this excerpt.
 */
union xenfb_in_event {
uint8_t type;
char pad[XENFB_IN_EVENT_SIZE];
};
/* shared page */
#define XENFB_IN_RING_SIZE 1024
Reported by FlawFinder.
kernel/configs.c
2 issues
Line: 46
CWE codes:
570
{
/*
 * The amount of data offered to the reader is the distance between the
 * addresses of two symbols, kernel_config_data and kernel_config_data_end.
 * NOTE(review): these are presumably start/end markers around one embedded
 * blob defined outside this file, which would explain why an analyzer that
 * treats them as unrelated objects reports CWE-570 - confirm where the
 * symbols are defined and that the end marker always follows the start.
 */
return simple_read_from_buffer(buf, len, offset,
&kernel_config_data,
&kernel_config_data_end -
&kernel_config_data);
}
static const struct proc_ops config_gz_proc_ops = {
.proc_read = ikconfig_read_current,
Reported by Cppcheck.
Line: 65
CWE codes:
570
/* A NULL entry is reported to the caller as -ENOMEM. */
if (!entry)
return -ENOMEM;
/*
 * The advertised size is computed by subtracting the address of
 * kernel_config_data from the address of kernel_config_data_end.
 * NOTE(review): the result is only meaningful if both symbols bracket the
 * same object; their definitions are outside this excerpt - verify before
 * dismissing or acting on the CWE-570 report.
 */
proc_set_size(entry, &kernel_config_data_end - &kernel_config_data);
return 0;
}
static void __exit ikconfig_cleanup(void)
Reported by Cppcheck.
include/xen/interface/io/console.h
2 issues
Line: 18
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Wraps idx into a ring by masking with sizeof(ring)-1. The mask is a correct
 * modulo only when sizeof(ring) is a power of two, which holds for both
 * arrays declared below (1024 and 2048 bytes). `ring` must be the array
 * itself, not a pointer to it, or sizeof yields the pointer size.
 */
#define MASK_XENCONS_IDX(idx, ring) ((idx) & (sizeof(ring)-1))
/*
 * Two byte rings with a consumer and a producer index each.
 * NOTE(review): the indices presumably live in memory shared with the other
 * end of the console, so every access to in[] or out[] should go through
 * MASK_XENCONS_IDX() instead of trusting a raw index - confirm at use sites.
 */
struct xencons_interface {
char in[1024];
char out[2048];
XENCONS_RING_IDX in_cons, in_prod;
XENCONS_RING_IDX out_cons, out_prod;
};
Reported by FlawFinder.
Line: 19
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Console interface layout: an input ring of 1024 bytes, an output ring of
 * 2048 bytes, and a consumer/producer index pair for each. Declaration only;
 * nothing is copied on the flagged lines.
 * NOTE(review): the bounds question is whether code indexing in[] and out[]
 * reduces the *_cons/*_prod values to the ring size before use - check the
 * readers and writers, which are outside this excerpt.
 */
struct xencons_interface {
char in[1024];
char out[2048];
XENCONS_RING_IDX in_cons, in_prod;
XENCONS_RING_IDX out_cons, out_prod;
};
#endif /* __XEN_PUBLIC_IO_CONSOLE_H__ */
Reported by FlawFinder.
lib/dump_stack.c
2 issues
Line: 35
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list args;
va_start(args, fmt);
/*
 * Output is limited to sizeof(dump_stack_arch_desc_str), so an over-long
 * result is truncated and still NUL-terminated rather than overflowing.
 * The CWE-134 concern is fmt itself: it is supplied by the caller and is
 * interpreted as a format string. NOTE(review): callers are outside this
 * excerpt - confirm each passes a constant format and puts any variable text
 * in the arguments, never in fmt.
 */
vsnprintf(dump_stack_arch_desc_str, sizeof(dump_stack_arch_desc_str),
fmt, args);
va_end(args);
}
#if IS_ENABLED(CONFIG_STACKTRACE_BUILD_ID)
Reported by FlawFinder.
Line: 18
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/utsname.h>
#include <linux/stop_machine.h>
/*
 * File-local 128-byte buffer. This line only reserves storage; writers must
 * bound their output by sizeof(dump_stack_arch_desc_str).
 */
static char dump_stack_arch_desc_str[128];
/**
* dump_stack_set_arch_desc - set arch-specific str to show with task dumps
* @fmt: printf-style format string
* @...: arguments for the format string
Reported by FlawFinder.
kernel/cred.c
2 issues
Line: 269
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kdebug("prepare_creds() alloc %p", new);
old = task->cred;
/*
 * Copies exactly sizeof(struct cred) bytes, a compile-time constant tied to
 * the type, so the copy stays in bounds as long as both pointers refer to
 * complete struct cred objects.
 * NOTE(review): `new` is allocated outside this excerpt - confirm it is
 * sized as struct cred and checked for NULL before this point.
 */
memcpy(new, old, sizeof(struct cred));
/*
 * The bytewise copy also duplicated old's bookkeeping, so non_rcu, the usage
 * count and the subscriber count are reset for the new object.
 */
new->non_rcu = 0;
atomic_set(&new->usage, 1);
set_cred_subscribers(new, 0);
/* group_info was copied as a pointer; the new cred takes its own reference. */
get_group_info(new->group_info);
Reported by FlawFinder.
Line: 803
Column: 41
CWE codes:
126
u32 secid;
int ret;
/*
 * strlen() reads until the first NUL byte, which is the CWE-126 concern:
 * secctx must be a NUL-terminated string.
 * NOTE(review): secctx is a parameter declared outside this excerpt -
 * confirm callers pass kernel-owned, terminated strings.
 */
ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
/* A negative result is passed back unchanged; secid is used only on success. */
if (ret < 0)
return ret;
return set_security_override(new, secid);
}
Reported by FlawFinder.
include/uapi/linux/nbd.h
2 issues
Line: 75
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Packed request structure (no padding between members); the multi-byte
 * fields carry big-endian types (__be32/__be64).
 * handle is 8 bytes with no room reserved for a terminator, so it should be
 * copied and compared with a fixed length of sizeof(handle), not with string
 * functions. This is a declaration only; no copy happens on the flagged line.
 */
struct nbd_request {
__be32 magic;
__be32 type; /* == READ || == WRITE */
char handle[8];
__be64 from;
__be32 len;
} __attribute__((packed));
/*
Reported by FlawFinder.
Line: 87
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Reply structure: two big-endian 32-bit fields followed by an 8-byte handle.
 * NOTE(review): handle has no space for a NUL terminator; code matching a
 * reply to its request should compare exactly sizeof(handle) bytes - confirm
 * at the use sites, which are outside this excerpt.
 */
struct nbd_reply {
__be32 magic;
__be32 error; /* 0 = ok, else error */
char handle[8]; /* handle you got from request */
};
#endif /* _UAPILINUX_NBD_H */
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_cgroup.h
2 issues
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Members from inside a struct in a UAPI header; the struct's opening line is
 * outside this excerpt. Declarations only.
 */
__u8 has_classid;
__u8 invert_path;
__u8 invert_classid;
/*
 * PATH_MAX-byte path buffer. NOTE(review): this struct is presumably filled
 * in by userspace, so kernel code that uses path as a string should first
 * verify that a NUL occurs within PATH_MAX bytes - confirm in the code that
 * validates this struct.
 */
char path[PATH_MAX];
__u32 classid;
/* kernel internal data */
/*
 * NOTE(review): a pointer member in a userspace-visible struct; whatever
 * value arrives from userspace in priv should be ignored and overwritten by
 * the kernel before use - verify.
 */
void *priv __attribute__((aligned(8)));
};
Reported by FlawFinder.
Line: 33
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Tail of a struct whose opening line is outside this excerpt. Nothing is
 * copied on these lines.
 */
__u8 invert_path;
__u8 invert_classid;
/*
 * path and classid share storage in an anonymous union, so only one of them
 * is meaningful at a time. path is XT_CGROUP_PATH_MAX bytes wide.
 * NOTE(review): if the struct is supplied by userspace, the consumer needs to
 * check that path is NUL-terminated within XT_CGROUP_PATH_MAX before string
 * use - confirm in the validation code.
 */
union {
char path[XT_CGROUP_PATH_MAX];
__u32 classid;
};
/* kernel internal data */
/*
 * NOTE(review): priv is a kernel pointer stored in a UAPI struct; a value
 * coming from userspace must not be dereferenced - verify that the kernel
 * sets it itself.
 */
void *priv __attribute__((aligned(8)));
Reported by FlawFinder.