The following issues were found
net/batman-adv/gateway_client.c
2 issues
Line: 215
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct batadv_gw_node *next_gw = NULL;
struct batadv_neigh_node *router = NULL;
struct batadv_neigh_ifinfo *router_ifinfo = NULL;
char gw_addr[18] = { '\0' };
if (atomic_read(&bat_priv->gw.mode) != BATADV_GW_MODE_CLIENT)
goto out;
if (!bat_priv->algo_ops->gw.get_best_gw_node)
Reported by FlawFinder.
Line: 238
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto out;
if (next_gw) {
sprintf(gw_addr, "%pM", next_gw->orig_node->orig);
router = batadv_orig_router_get(next_gw->orig_node,
BATADV_IF_DEFAULT);
if (!router) {
batadv_gw_reselect(bat_priv);
Reported by FlawFinder.
kernel/extable.c
2 issues
Line: 38
CWE codes:
570
void __init sort_main_extable(void)
{
if (main_extable_sort_needed &&
&__stop___ex_table > &__start___ex_table) {
pr_notice("Sorting __ex_table...\n");
sort_extable(__start___ex_table, __stop___ex_table);
}
}
Reported by Cppcheck.
Line: 49
CWE codes:
570
struct exception_table_entry *search_kernel_exception_table(unsigned long addr)
{
return search_extable(__start___ex_table,
__stop___ex_table - __start___ex_table, addr);
}
/* Given an address, look for it in the exception tables. */
const struct exception_table_entry *search_exception_tables(unsigned long addr)
{
Reported by Cppcheck.
net/batman-adv/gateway_common.c
2 issues
Line: 44
Column: 6
CWE codes:
126
char *tmp_ptr;
int ret;
if (strlen(buff) > 4) {
tmp_ptr = buff + strlen(buff) - 4;
if (strncasecmp(tmp_ptr, "mbit", 4) == 0)
bw_unit_type = BATADV_BW_UNIT_MBIT;
Reported by FlawFinder.
Line: 45
Column: 20
CWE codes:
126
int ret;
if (strlen(buff) > 4) {
tmp_ptr = buff + strlen(buff) - 4;
if (strncasecmp(tmp_ptr, "mbit", 4) == 0)
bw_unit_type = BATADV_BW_UNIT_MBIT;
if (strncasecmp(tmp_ptr, "kbit", 4) == 0 ||
Reported by FlawFinder.
lib/inflate.c
2 issues
Line: 670
Column: 11
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if !defined(NOMEMCPY) && !defined(DEBUG)
if (w - d >= e) /* (this test assumes unsigned comparison) */
{
memcpy(slide + w, slide + d, e);
w += e;
d += e;
}
else /* do it slow to avoid memcpy() overlap */
#endif /* !NOMEMCPY */
Reported by FlawFinder.
Line: 1197
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int INIT gunzip(void)
{
uch flags;
unsigned char magic[2]; /* magic header */
char method;
ulg orig_crc = 0; /* original crc */
ulg orig_len = 0; /* original uncompressed length */
int res;
Reported by FlawFinder.
lib/iomap.c
2 issues
Line: 39
Column: 59
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#define PIO_RESERVED 0x40000UL
#endif
static void bad_io_access(unsigned long port, const char *access)
{
static int count = 10;
if (count) {
count--;
WARN(1, KERN_ERR "Bad IO access at port %#lx (%s)\n", port, access);
Reported by FlawFinder.
Line: 44
Column: 63
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static int count = 10;
if (count) {
count--;
WARN(1, KERN_ERR "Bad IO access at port %#lx (%s)\n", port, access);
}
}
/*
* Ugly macros are a way of life.
Reported by FlawFinder.
include/uapi/sound/firewire.h
2 issues
Line: 96
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_firewire_get_info {
unsigned int type; /* SNDRV_FIREWIRE_TYPE_xxx */
unsigned int card; /* same as fw_cdev_get_info.card */
unsigned char guid[8];
char device_name[16]; /* device node in /dev */
};
/*
* SNDRV_FIREWIRE_IOCTL_LOCK prevents the driver from streaming.
Reported by FlawFinder.
Line: 97
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int type; /* SNDRV_FIREWIRE_TYPE_xxx */
unsigned int card; /* same as fw_cdev_get_info.card */
unsigned char guid[8];
char device_name[16]; /* device node in /dev */
};
/*
* SNDRV_FIREWIRE_IOCTL_LOCK prevents the driver from streaming.
* Returns -EBUSY if the driver is already streaming.
Reported by FlawFinder.
net/batman-adv/soft-interface.c
2 issues
Line: 916
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* and compile time checking for strings longer than ETH_GSTRING_LEN.
*/
static const struct {
const char name[ETH_GSTRING_LEN];
} batadv_counters_strings[] = {
{ "tx" },
{ "tx_bytes" },
{ "tx_dropped" },
{ "rx" },
Reported by FlawFinder.
Line: 964
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void batadv_get_strings(struct net_device *dev, u32 stringset, u8 *data)
{
if (stringset == ETH_SS_STATS)
memcpy(data, batadv_counters_strings,
sizeof(batadv_counters_strings));
}
static void batadv_get_ethtool_stats(struct net_device *dev,
struct ethtool_stats *stats, u64 *data)
Reported by FlawFinder.
net/batman-adv/tp_meter.c
2 issues
Line: 550
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bytes_inbuf = sizeof(batadv_tp_prerandom) - local_offset;
to_copy = min(nbytes, bytes_inbuf);
memcpy(&buf[pos], &batadv_tp_prerandom[local_offset], to_copy);
pos += to_copy;
nbytes -= to_copy;
local_offset = 0;
}
}
Reported by FlawFinder.
Line: 988
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kref_init(&tp_vars->refcount);
tp_vars->role = BATADV_TP_SENDER;
atomic_set(&tp_vars->sending, 1);
memcpy(tp_vars->session, session_id, sizeof(session_id));
tp_vars->icmp_uid = icmp_uid;
tp_vars->last_sent = BATADV_TP_FIRST_SEQ;
atomic_set(&tp_vars->last_acked, BATADV_TP_FIRST_SEQ);
tp_vars->fast_recovery = false;
Reported by FlawFinder.
net/ieee802154/sysfs.c
2 issues
Line: 31
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
struct device_attribute *attr, \
char *buf) \
{ \
return sprintf(buf, fmt "\n", dev_to_rdev(dev)->member); \
} \
static DEVICE_ATTR_RO(name)
SHOW_FMT(index, "%d", wpan_phy_idx);
Reported by FlawFinder.
Line: 43
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct wpan_phy *wpan_phy = &dev_to_rdev(dev)->wpan_phy;
return sprintf(buf, "%s\n", dev_name(&wpan_phy->dev));
}
static DEVICE_ATTR_RO(name);
static void wpan_phy_release(struct device *dev)
{
Reported by FlawFinder.
include/uapi/linux/netrom.h
2 issues
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define NETROM_NODE 1
int type;
ax25_address callsign;
char device[16];
unsigned int quality;
char mnemonic[7];
ax25_address neighbour;
unsigned int obs_count;
unsigned int ndigis;
Reported by FlawFinder.
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ax25_address callsign;
char device[16];
unsigned int quality;
char mnemonic[7];
ax25_address neighbour;
unsigned int obs_count;
unsigned int ndigis;
ax25_address digipeaters[AX25_MAX_DIGIS];
};
Reported by FlawFinder.