The following issues were found
include/uapi/asm-generic/siginfo.h
2 issues
Line: 84
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
short _addr_lsb; /* LSB of the reported address */
/* used when si_code=SEGV_BNDERR */
struct {
char _dummy_bnd[__ADDR_BND_PKEY_PAD];
void __user *_lower;
void __user *_upper;
} _addr_bnd;
/* used when si_code=SEGV_PKUERR */
struct {
Reported by FlawFinder.
Line: 90
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} _addr_bnd;
/* used when si_code=SEGV_PKUERR */
struct {
char _dummy_pkey[__ADDR_BND_PKEY_PAD];
__u32 _pkey;
} _addr_pkey;
/* used when si_code=TRAP_PERF */
struct {
unsigned long _data;
Reported by FlawFinder.
net/batman-adv/types.h
2 issues
Line: 1086
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct batadv_priv_debug_log {
/** @log_buff: buffer holding the logs (ring buffer) */
char log_buff[BATADV_LOG_BUF_LEN];
/** @log_start: index of next character to read */
unsigned long log_start;
/** @log_end: index of next character to write */
Reported by FlawFinder.
Line: 2318
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hlist_node list;
/** @addr: the MAC address of this list entry */
unsigned char addr[ETH_ALEN];
};
/**
* struct batadv_dat_candidate - candidate destination for DAT operations
*/
Reported by FlawFinder.
kernel/kthread.c
2 issues
Line: 407
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
* task is already visible to other tasks, so updating
* COMM must be protected.
*/
vsnprintf(name, sizeof(name), namefmt, args);
set_task_comm(task, name);
/*
* root may have changed our (kthreadd's) priority or CPU mask.
* The kernel thread should not inherit these properties.
*/
Reported by FlawFinder.
Line: 401
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
task = create->result;
if (!IS_ERR(task)) {
static const struct sched_param param = { .sched_priority = 0 };
char name[TASK_COMM_LEN];
/*
* task is already visible to other tasks, so updating
* COMM must be protected.
*/
Reported by FlawFinder.
kernel/latencytop.c
2 issues
Line: 131
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
/* Allocted a new one: */
memcpy(&latency_record[i], lat, sizeof(struct latency_record));
}
/**
* __account_scheduler_latency - record an occurred latency
* @tsk - the task struct of the task hitting the latency
Reported by FlawFinder.
Line: 211
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Allocated a new one: */
i = tsk->latency_record_count++;
memcpy(&tsk->latency_record[i], &lat, sizeof(struct latency_record));
out_unlock:
raw_spin_unlock_irqrestore(&latency_lock, flags);
}
Reported by FlawFinder.
include/rdma/iw_portmap.h
2 issues
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct iwpm_dev_data {
char dev_name[IWPM_DEVNAME_SIZE];
char if_name[IWPM_IFNAME_SIZE];
};
struct iwpm_sa_data {
struct sockaddr_storage loc_addr;
Reported by FlawFinder.
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iwpm_dev_data {
char dev_name[IWPM_DEVNAME_SIZE];
char if_name[IWPM_IFNAME_SIZE];
};
struct iwpm_sa_data {
struct sockaddr_storage loc_addr;
struct sockaddr_storage mapped_loc_addr;
Reported by FlawFinder.
include/linux/tty.h
2 issues
Line: 288
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mutex winsize_mutex;
/* Termios values are protected by the termios rwsem */
struct ktermios termios, termios_locked;
char name[64];
unsigned long flags;
int count;
struct winsize winsize; /* winsize_mutex */
struct {
Reported by FlawFinder.
kernel/locking/lock_events.c
2 issues
Line: 46
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* minimizes added overhead making the counts usable even in a production
* environment.
*/
static const char * const lockevent_names[lockevent_num + 1] = {
#include "lock_events_list.h"
[LOCKEVENT_reset_cnts] = ".reset_counts",
};
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ssize_t __weak lockevent_read(struct file *file, char __user *user_buf,
size_t count, loff_t *ppos)
{
char buf[64];
int cpu, id, len;
u64 sum = 0;
/*
* Get the counter ID stored in file->f_inode->i_private
Reported by FlawFinder.
net/ipv4/fib_semantics.c
2 issues
Line: 974
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return false;
if (type == RTAX_CC_ALGO) {
char tmp[TCP_CA_NAME_MAX];
bool ecn_ca = false;
nla_strscpy(tmp, nla, sizeof(tmp));
val = tcp_ca_get_key_by_name(fi->fib_net, tmp, &ecn_ca);
} else {
Reported by FlawFinder.
Line: 1637
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
via = nla_data(nla);
via->rtvia_family = AF_INET6;
memcpy(via->rtvia_addr, &nhc->nhc_gw.ipv6, alen);
} else if (nla_put_in6_addr(skb, RTA_GATEWAY,
&nhc->nhc_gw.ipv6) < 0) {
goto nla_put_failure;
}
break;
Reported by FlawFinder.
include/rdma/iba.h
2 issues
Line: 78
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const type *_in_ptr = in; \
WARN_ON(bytes * 8 > num_bits); \
if (in && bytes) \
memcpy(_IBA_GET_MEM_PTR(field_struct, field_offset, \
type, num_bits, ptr), \
_in_ptr, bytes); \
})
#define IBA_SET_MEM(field, ptr, in, bytes) _IBA_SET_MEM(field, ptr, in, bytes)
Reported by FlawFinder.
Line: 99
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
type *_out_ptr = out; \
WARN_ON(bytes * 8 > num_bits); \
if (out && bytes) \
memcpy(_out_ptr, \
_IBA_GET_MEM_PTR(field_struct, field_offset, \
type, num_bits, ptr), \
bytes); \
})
#define IBA_GET_MEM(field, ptr, out, bytes) _IBA_GET_MEM(field, ptr, out, bytes)
Reported by FlawFinder.
net/rds/stats.c
2 issues
Line: 91
Column: 10
CWE codes:
126
size_t i;
for (i = 0; i < nr; i++) {
BUG_ON(strlen(names[i]) >= sizeof(ctr.name));
strncpy(ctr.name, names[i], sizeof(ctr.name) - 1);
ctr.name[sizeof(ctr.name) - 1] = '\0';
ctr.value = values[i];
rds_info_copy(iter, &ctr, sizeof(ctr));
Reported by FlawFinder.
Line: 92
Column: 3
CWE codes:
120
for (i = 0; i < nr; i++) {
BUG_ON(strlen(names[i]) >= sizeof(ctr.name));
strncpy(ctr.name, names[i], sizeof(ctr.name) - 1);
ctr.name[sizeof(ctr.name) - 1] = '\0';
ctr.value = values[i];
rds_info_copy(iter, &ctr, sizeof(ctr));
}
Reported by FlawFinder.