The following issues were found
include/uapi/linux/utsname.h
16 issues
Line: 8
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define __OLD_UTS_LEN 8
struct oldold_utsname {
char sysname[9];
char nodename[9];
char release[9];
char version[9];
char machine[9];
};
Reported by FlawFinder.
Line: 9
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct oldold_utsname {
char sysname[9];
char nodename[9];
char release[9];
char version[9];
char machine[9];
};
Reported by FlawFinder.
Line: 10
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct oldold_utsname {
char sysname[9];
char nodename[9];
char release[9];
char version[9];
char machine[9];
};
#define __NEW_UTS_LEN 64
Reported by FlawFinder.
Line: 11
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char sysname[9];
char nodename[9];
char release[9];
char version[9];
char machine[9];
};
#define __NEW_UTS_LEN 64
Reported by FlawFinder.
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char nodename[9];
char release[9];
char version[9];
char machine[9];
};
#define __NEW_UTS_LEN 64
struct old_utsname {
Reported by FlawFinder.
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define __NEW_UTS_LEN 64
struct old_utsname {
char sysname[65];
char nodename[65];
char release[65];
char version[65];
char machine[65];
};
Reported by FlawFinder.
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct old_utsname {
char sysname[65];
char nodename[65];
char release[65];
char version[65];
char machine[65];
};
Reported by FlawFinder.
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct old_utsname {
char sysname[65];
char nodename[65];
char release[65];
char version[65];
char machine[65];
};
struct new_utsname {
Reported by FlawFinder.
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char sysname[65];
char nodename[65];
char release[65];
char version[65];
char machine[65];
};
struct new_utsname {
char sysname[__NEW_UTS_LEN + 1];
Reported by FlawFinder.
Line: 22
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char nodename[65];
char release[65];
char version[65];
char machine[65];
};
struct new_utsname {
char sysname[__NEW_UTS_LEN + 1];
char nodename[__NEW_UTS_LEN + 1];
Reported by FlawFinder.
include/linux/nfs_xdr.h
16 issues
Line: 1751
Column: 8
CWE codes:
362
20
Suggestion:
Reconsider approach
int (*lookupp) (struct inode *, struct nfs_fh *,
struct nfs_fattr *, struct nfs4_label *);
int (*access) (struct inode *, struct nfs_access_entry *);
int (*readlink)(struct inode *, struct page *, unsigned int,
unsigned int);
int (*create) (struct inode *, struct dentry *,
struct iattr *, int);
int (*remove) (struct inode *, struct dentry *);
void (*unlink_setup) (struct rpc_message *, struct dentry *, struct inode *);
Reported by FlawFinder.
Line: 462
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int open_flags;
fmode_t fmode;
u32 share_access;
u32 access;
__u64 clientid;
struct stateowner_id id;
union {
struct {
struct iattr * attrs; /* UNCHECKED, GUARDED, EXCLUSIVE4_1 */
Reported by FlawFinder.
Line: 907
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct nfs3_accessargs {
struct nfs_fh * fh;
__u32 access;
};
struct nfs3_createargs {
struct nfs_fh * fh;
const char * name;
Reported by FlawFinder.
Line: 968
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct nfs3_accessres {
struct nfs_fattr * fattr;
__u32 access;
};
struct nfs3_readlinkargs {
struct nfs_fh * fh;
unsigned int pgbase;
Reported by FlawFinder.
Line: 1006
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct nfs4_sequence_args seq_args;
const struct nfs_fh * fh;
const u32 * bitmask;
u32 access;
};
struct nfs4_accessres {
struct nfs4_sequence_res seq_res;
const struct nfs_server * server;
Reported by FlawFinder.
Line: 1014
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
const struct nfs_server * server;
struct nfs_fattr * fattr;
u32 supported;
u32 access;
};
struct nfs4_create_arg {
struct nfs4_sequence_args seq_args;
u32 ftype;
Reported by FlawFinder.
Line: 1750
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct nfs4_label *);
int (*lookupp) (struct inode *, struct nfs_fh *,
struct nfs_fattr *, struct nfs4_label *);
int (*access) (struct inode *, struct nfs_access_entry *);
int (*readlink)(struct inode *, struct page *, unsigned int,
unsigned int);
int (*create) (struct inode *, struct dentry *,
struct iattr *, int);
int (*remove) (struct inode *, struct dentry *);
Reported by FlawFinder.
Line: 634
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Arguments to the write call.
*/
struct nfs_write_verifier {
char data[8];
};
struct nfs_writeverf {
struct nfs_write_verifier verifier;
enum nfs3_stable_how committed;
Reported by FlawFinder.
Line: 1168
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const nfs4_verifier * sc_verifier;
u32 sc_prog;
unsigned int sc_netid_len;
char sc_netid[RPCBIND_MAXNETIDLEN + 1];
unsigned int sc_uaddr_len;
char sc_uaddr[RPCBIND_MAXUADDRLEN + 1];
struct nfs_client *sc_clnt;
struct rpc_cred *sc_cred;
};
Reported by FlawFinder.
Line: 1170
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int sc_netid_len;
char sc_netid[RPCBIND_MAXNETIDLEN + 1];
unsigned int sc_uaddr_len;
char sc_uaddr[RPCBIND_MAXUADDRLEN + 1];
struct nfs_client *sc_clnt;
struct rpc_cred *sc_cred;
};
struct nfs4_setclientid_res {
Reported by FlawFinder.
drivers/staging/media/atomisp/pci/runtime/debug/src/ia_css_debug.c
16 issues
Line: 139
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* [IA_CSS_PIPE_ID_ACC] =*/ "accelerator"
};
static char dot_id_input_bin[SH_CSS_MAX_BINARY_NAME + 10];
static char ring_buffer[200];
void ia_css_debug_dtrace(unsigned int level, const char *fmt, ...)
{
va_list ap;
Reported by FlawFinder.
Line: 140
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static char dot_id_input_bin[SH_CSS_MAX_BINARY_NAME + 10];
static char ring_buffer[200];
void ia_css_debug_dtrace(unsigned int level, const char *fmt, ...)
{
va_list ap;
Reported by FlawFinder.
Line: 894
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fsm_pack_st = NULL;
const char *fsm_read_st = NULL;
const char *fsm_write_st = NULL;
char last_cmd_str[64];
dma_get_state(DMA0_ID, &state);
/* Print header for DMA dump status */
ia_css_debug_dtrace(2, "DMA dump status:\n");
Reported by FlawFinder.
Line: 1577
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*
* Adjust this to your trace case!
*/
static char const *const id2filename[8] = {
"param_buffer.sp.c | tagger.sp.c | pipe_data.sp.c",
"isp_init.sp.c",
"sp_raw_copy.hive.c",
"dma_configure.sp.c",
"sp.hive.c",
Reported by FlawFinder.
Line: 1590
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Example SH_CSS_SP_DBG_NR_OF_TRACES==1 */
/* Adjust this to your trace case */
static char const *trace_name[SH_CSS_SP_DBG_NR_OF_TRACES] = {
"default"
};
/* Remember host_index_last because we only want to print new entries */
static int host_index_last[SH_CSS_SP_DBG_NR_OF_TRACES] = { 0 };
Reported by FlawFinder.
Line: 2558
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char const *frame_name,
bool in_frame)
{
char bufinfo[100];
if (frame->dynamic_queue_id == SH_CSS_INVALID_QUEUE_ID) {
snprintf(bufinfo, sizeof(bufinfo), "Internal");
} else {
snprintf(bufinfo, sizeof(bufinfo), "Queue: %s %s",
Reported by FlawFinder.
Line: 2649
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ia_css_pipeline_stage *stage,
enum ia_css_pipe_id id)
{
char blob_name[SH_CSS_MAX_BINARY_NAME + 10] = "<unknown type>";
char const *bin_type = "<unknown type>";
int i;
assert(stage);
if (stage->sp_func != IA_CSS_PIPELINE_NO_FUNC)
Reported by FlawFinder.
Line: 2676
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Guard in case of binaries that don't have any binary_info */
if (stage->binary_info) {
char enable_info1[100];
char enable_info2[100];
char enable_info3[100];
char enable_info[200];
struct ia_css_binary_info *bi = stage->binary_info;
Reported by FlawFinder.
Line: 2677
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Guard in case of binaries that don't have any binary_info */
if (stage->binary_info) {
char enable_info1[100];
char enable_info2[100];
char enable_info3[100];
char enable_info[200];
struct ia_css_binary_info *bi = stage->binary_info;
/* Split it in 2 function-calls to keep the amount of
Reported by FlawFinder.
Line: 2678
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (stage->binary_info) {
char enable_info1[100];
char enable_info2[100];
char enable_info3[100];
char enable_info[200];
struct ia_css_binary_info *bi = stage->binary_info;
/* Split it in 2 function-calls to keep the amount of
* parameters per call "reasonable"
Reported by FlawFinder.
arch/mips/dec/setup.c
16 issues
Line: 224
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void __init dec_init_kn01(void)
{
/* IRQ routing. */
memcpy(&dec_interrupt, &kn01_interrupt,
sizeof(kn01_interrupt));
/* CPU IRQ priorities. */
memcpy(&cpu_mask_nr_tbl, &kn01_cpu_mask_nr_tbl,
sizeof(kn01_cpu_mask_nr_tbl));
Reported by FlawFinder.
Line: 228
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(kn01_interrupt));
/* CPU IRQ priorities. */
memcpy(&cpu_mask_nr_tbl, &kn01_cpu_mask_nr_tbl,
sizeof(kn01_cpu_mask_nr_tbl));
mips_cpu_irq_init();
} /* dec_init_kn01 */
Reported by FlawFinder.
Line: 299
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void __init dec_init_kn230(void)
{
/* IRQ routing. */
memcpy(&dec_interrupt, &kn230_interrupt,
sizeof(kn230_interrupt));
/* CPU IRQ priorities. */
memcpy(&cpu_mask_nr_tbl, &kn230_cpu_mask_nr_tbl,
sizeof(kn230_cpu_mask_nr_tbl));
Reported by FlawFinder.
Line: 303
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(kn230_interrupt));
/* CPU IRQ priorities. */
memcpy(&cpu_mask_nr_tbl, &kn230_cpu_mask_nr_tbl,
sizeof(kn230_cpu_mask_nr_tbl));
mips_cpu_irq_init();
} /* dec_init_kn230 */
Reported by FlawFinder.
Line: 389
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void __init dec_init_kn02(void)
{
/* IRQ routing. */
memcpy(&dec_interrupt, &kn02_interrupt,
sizeof(kn02_interrupt));
/* CPU IRQ priorities. */
memcpy(&cpu_mask_nr_tbl, &kn02_cpu_mask_nr_tbl,
sizeof(kn02_cpu_mask_nr_tbl));
Reported by FlawFinder.
Line: 393
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(kn02_interrupt));
/* CPU IRQ priorities. */
memcpy(&cpu_mask_nr_tbl, &kn02_cpu_mask_nr_tbl,
sizeof(kn02_cpu_mask_nr_tbl));
/* KN02 CSR IRQ priorities. */
memcpy(&asic_mask_nr_tbl, &kn02_asic_mask_nr_tbl,
sizeof(kn02_asic_mask_nr_tbl));
Reported by FlawFinder.
Line: 397
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(kn02_cpu_mask_nr_tbl));
/* KN02 CSR IRQ priorities. */
memcpy(&asic_mask_nr_tbl, &kn02_asic_mask_nr_tbl,
sizeof(kn02_asic_mask_nr_tbl));
mips_cpu_irq_init();
init_kn02_irqs(KN02_IRQ_BASE);
Reported by FlawFinder.
Line: 490
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void __init dec_init_kn02ba(void)
{
/* IRQ routing. */
memcpy(&dec_interrupt, &kn02ba_interrupt,
sizeof(kn02ba_interrupt));
/* CPU IRQ priorities. */
memcpy(&cpu_mask_nr_tbl, &kn02ba_cpu_mask_nr_tbl,
sizeof(kn02ba_cpu_mask_nr_tbl));
Reported by FlawFinder.
Line: 494
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(kn02ba_interrupt));
/* CPU IRQ priorities. */
memcpy(&cpu_mask_nr_tbl, &kn02ba_cpu_mask_nr_tbl,
sizeof(kn02ba_cpu_mask_nr_tbl));
/* I/O ASIC IRQ priorities. */
memcpy(&asic_mask_nr_tbl, &kn02ba_asic_mask_nr_tbl,
sizeof(kn02ba_asic_mask_nr_tbl));
Reported by FlawFinder.
Line: 498
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(kn02ba_cpu_mask_nr_tbl));
/* I/O ASIC IRQ priorities. */
memcpy(&asic_mask_nr_tbl, &kn02ba_asic_mask_nr_tbl,
sizeof(kn02ba_asic_mask_nr_tbl));
mips_cpu_irq_init();
init_ioasic_irqs(IO_IRQ_BASE);
Reported by FlawFinder.
include/target/iscsi/iscsi_target_core.h
16 issues
Line: 274
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct iscsi_sess_ops {
char InitiatorName[ISCSI_IQN_LEN];
char InitiatorAlias[256];
char TargetName[ISCSI_IQN_LEN];
char TargetAlias[256];
char TargetAddress[256];
u16 TargetPortalGroupTag; /* [0..65535] */
Reported by FlawFinder.
Line: 275
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iscsi_sess_ops {
char InitiatorName[ISCSI_IQN_LEN];
char InitiatorAlias[256];
char TargetName[ISCSI_IQN_LEN];
char TargetAlias[256];
char TargetAddress[256];
u16 TargetPortalGroupTag; /* [0..65535] */
u16 MaxConnections; /* [1..65535] */
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iscsi_sess_ops {
char InitiatorName[ISCSI_IQN_LEN];
char InitiatorAlias[256];
char TargetName[ISCSI_IQN_LEN];
char TargetAlias[256];
char TargetAddress[256];
u16 TargetPortalGroupTag; /* [0..65535] */
u16 MaxConnections; /* [1..65535] */
u8 InitialR2T; /* [0,1] == [No,Yes] */
Reported by FlawFinder.
Line: 277
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char InitiatorName[ISCSI_IQN_LEN];
char InitiatorAlias[256];
char TargetName[ISCSI_IQN_LEN];
char TargetAlias[256];
char TargetAddress[256];
u16 TargetPortalGroupTag; /* [0..65535] */
u16 MaxConnections; /* [1..65535] */
u8 InitialR2T; /* [0,1] == [No,Yes] */
u8 ImmediateData; /* [0,1] == [No,Yes] */
Reported by FlawFinder.
Line: 278
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char InitiatorAlias[256];
char TargetName[ISCSI_IQN_LEN];
char TargetAlias[256];
char TargetAddress[256];
u16 TargetPortalGroupTag; /* [0..65535] */
u16 MaxConnections; /* [1..65535] */
u8 InitialR2T; /* [0,1] == [No,Yes] */
u8 ImmediateData; /* [0,1] == [No,Yes] */
u32 MaxBurstLength; /* [512..2**24-1] */
Reported by FlawFinder.
Line: 446
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* See include/linux/dma-mapping.h */
enum dma_data_direction data_direction;
/* iSCSI PDU Header + CRC */
unsigned char pdu[ISCSI_HDR_LEN + ISCSI_CRC_LEN];
/* Number of times struct iscsi_cmd is present in immediate queue */
atomic_t immed_queue_count;
atomic_t response_queue_count;
spinlock_t datain_lock;
spinlock_t dataout_timeout_lock;
Reported by FlawFinder.
Line: 492
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct se_cmd se_cmd;
/* Sense buffer that will be mapped into outgoing status */
#define ISCSI_SENSE_BUFFER_LEN (TRANSPORT_SENSE_BUFFER + 2)
unsigned char sense_buffer[ISCSI_SENSE_BUFFER_LEN];
u32 padding;
u8 pad_bytes[4];
struct scatterlist *first_data_sg;
Reported by FlawFinder.
Line: 650
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* LIO specific session ID */
u32 sid;
char auth_type[8];
/* unique within the target */
int session_index;
/* Used for session reference counting */
int session_usage_count;
int session_waiting_on_uc;
Reported by FlawFinder.
Line: 701
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 login_complete;
u8 login_failed;
bool zero_tsih;
char isid[6];
u32 cmd_sn;
itt_t init_task_tag;
u32 initial_exp_statsn;
u32 rsp_length;
u16 cid;
Reported by FlawFinder.
Line: 708
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 rsp_length;
u16 cid;
u16 tsih;
char req[ISCSI_HDR_LEN];
char rsp[ISCSI_HDR_LEN];
char *req_buf;
char *rsp_buf;
struct iscsi_conn *conn;
struct iscsi_np *np;
Reported by FlawFinder.
drivers/net/hippi/rrunner.h
16 issues
Line: 629
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 Firmware;
u32 BoardRevision;
u32 RoadrunnerRev;
char OpticsPart[8];
u32 OpticsRev;
u32 pad1;
char SramPart[8];
u32 SramRev;
u32 pad2;
Reported by FlawFinder.
Line: 632
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char OpticsPart[8];
u32 OpticsRev;
u32 pad1;
char SramPart[8];
u32 SramRev;
u32 pad2;
char EepromPart[8];
u32 EepromRev;
u32 EepromSize;
Reported by FlawFinder.
Line: 635
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char SramPart[8];
u32 SramRev;
u32 pad2;
char EepromPart[8];
u32 EepromRev;
u32 EepromSize;
char PalPart[8];
u32 PalRev;
u32 pad3;
Reported by FlawFinder.
Line: 638
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char EepromPart[8];
u32 EepromRev;
u32 EepromSize;
char PalPart[8];
u32 PalRev;
u32 pad3;
char PalCodeFile[12];
u32 PalCodeRev;
char BoardULA[8];
Reported by FlawFinder.
Line: 641
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char PalPart[8];
u32 PalRev;
u32 pad3;
char PalCodeFile[12];
u32 PalCodeRev;
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
Reported by FlawFinder.
Line: 643
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 pad3;
char PalCodeFile[12];
u32 PalCodeRev;
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
Reported by FlawFinder.
Line: 644
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char PalCodeFile[12];
u32 PalCodeRev;
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
u32 pad4[13];
Reported by FlawFinder.
Line: 645
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 PalCodeRev;
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
u32 pad4[13];
};
Reported by FlawFinder.
Line: 646
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
u32 pad4[13];
};
Reported by FlawFinder.
Line: 647
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
u32 pad4[13];
};
Reported by FlawFinder.
fs/udf/inode.c
16 issues
Line: 662
CWE codes:
908
extent.extLocation.partitionReferenceNum = 0;
extent.extLength = EXT_NOT_RECORDED_NOT_ALLOCATED;
} else {
epos.offset -= adsize;
etype = udf_next_aext(inode, &epos, &extent.extLocation,
&extent.extLength, 0);
extent.extLength |= etype << 30;
}
Reported by Cppcheck.
Line: 1764
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
eid = (struct regid *)dsea->impUse;
memset(eid, 0, sizeof(*eid));
strcpy(eid->ident, UDF_ID_DEVELOPER);
eid->identSuffix[0] = UDF_OS_CLASS_UNIX;
eid->identSuffix[1] = UDF_OS_ID_LINUX;
dsea->majorDeviceIdent = cpu_to_le32(imajor(inode));
dsea->minorDeviceIdent = cpu_to_le32(iminor(inode));
}
Reported by FlawFinder.
Line: 1788
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
udf_time_to_disk_stamp(&fe->modificationTime, inode->i_mtime);
udf_time_to_disk_stamp(&fe->attrTime, inode->i_ctime);
memset(&(fe->impIdent), 0, sizeof(struct regid));
strcpy(fe->impIdent.ident, UDF_ID_DEVELOPER);
fe->impIdent.identSuffix[0] = UDF_OS_CLASS_UNIX;
fe->impIdent.identSuffix[1] = UDF_OS_ID_LINUX;
fe->uniqueID = cpu_to_le64(iinfo->i_unique);
fe->lengthExtendedAttr = cpu_to_le32(iinfo->i_lenEAttr);
fe->lengthAllocDescs = cpu_to_le32(iinfo->i_lenAlloc);
Reported by FlawFinder.
Line: 1825
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
udf_time_to_disk_stamp(&efe->attrTime, inode->i_ctime);
memset(&(efe->impIdent), 0, sizeof(efe->impIdent));
strcpy(efe->impIdent.ident, UDF_ID_DEVELOPER);
efe->impIdent.identSuffix[0] = UDF_OS_CLASS_UNIX;
efe->impIdent.identSuffix[1] = UDF_OS_ID_LINUX;
efe->uniqueID = cpu_to_le64(iinfo->i_unique);
efe->lengthExtendedAttr = cpu_to_le32(iinfo->i_lenEAttr);
efe->lengthAllocDescs = cpu_to_le32(iinfo->i_lenAlloc);
Reported by FlawFinder.
Line: 103
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(iinfo->cached_extent.lstart != -1)) {
/* Cache hit */
*lbcount = iinfo->cached_extent.lstart;
memcpy(pos, &iinfo->cached_extent.epos,
sizeof(struct extent_position));
if (pos->bh)
get_bh(pos->bh);
ret = 1;
}
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__udf_clear_extent_cache(inode);
if (pos->bh)
get_bh(pos->bh);
memcpy(&iinfo->cached_extent.epos, pos, sizeof(*pos));
iinfo->cached_extent.lstart = estart;
switch (iinfo->i_alloc_type) {
case ICBTAG_FLAG_AD_SHORT:
iinfo->cached_extent.epos.offset -= sizeof(struct short_ad);
break;
Reported by FlawFinder.
Line: 292
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kaddr = kmap_atomic(page);
memset(kaddr + iinfo->i_lenAlloc, 0x00,
PAGE_SIZE - iinfo->i_lenAlloc);
memcpy(kaddr, iinfo->i_data + iinfo->i_lenEAttr,
iinfo->i_lenAlloc);
flush_dcache_page(page);
SetPageUptodate(page);
kunmap_atomic(kaddr);
}
Reported by FlawFinder.
Line: 315
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lock_page(page);
down_write(&iinfo->i_data_sem);
kaddr = kmap_atomic(page);
memcpy(iinfo->i_data + iinfo->i_lenEAttr, kaddr, inode->i_size);
kunmap_atomic(kaddr);
unlock_page(page);
iinfo->i_alloc_type = ICBTAG_FLAG_AD_IN_ICB;
inode->i_data.a_ops = &udf_adinicb_aops;
up_write(&iinfo->i_data_sem);
Reported by FlawFinder.
Line: 1374
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ie->indirectICB.extLength) {
brelse(ibh);
memcpy(&iinfo->i_location, &loc,
sizeof(struct kernel_lb_addr));
if (++indirections > UDF_MAX_ICB_NESTING) {
udf_err(inode->i_sb,
"too many ICBs in ICB hierarchy"
" (max %d supported)\n",
Reported by FlawFinder.
Line: 1419
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct extendedFileEntry));
if (ret)
goto out;
memcpy(iinfo->i_data,
bh->b_data + sizeof(struct extendedFileEntry),
bs - sizeof(struct extendedFileEntry));
} else if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_FE)) {
iinfo->i_efe = 0;
iinfo->i_use = 0;
Reported by FlawFinder.
drivers/bluetooth/btusb.c
16 issues
Line: 1956
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct intel_version *ver)
{
const struct firmware *fw;
char fwname[64];
int ret;
snprintf(fwname, sizeof(fwname),
"intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
ver->hw_platform, ver->hw_variant, ver->hw_revision,
Reported by FlawFinder.
Line: 2515
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 *boot_param)
{
const struct firmware *fw;
char fwname[64];
int err;
struct btusb_data *data = hci_get_drvdata(hdev);
ktime_t calltime;
if (!ver || !boot_param)
Reported by FlawFinder.
Line: 2622
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 *boot_param)
{
const struct firmware *fw;
char fwname[64];
int err;
struct btusb_data *data = hci_get_drvdata(hdev);
ktime_t calltime;
if (!ver || !params)
Reported by FlawFinder.
Line: 2851
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct intel_version ver;
struct intel_boot_params params;
u32 boot_param;
char ddcname[64];
int err;
struct intel_debug_features features;
BT_DBG("%s", hdev->name);
Reported by FlawFinder.
Line: 2951
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct btusb_data *data = hci_get_drvdata(hdev);
u32 boot_param;
char ddcname[64];
int err;
struct intel_debug_features features;
struct intel_version_tlv version;
bt_dev_dbg(hdev, "");
Reported by FlawFinder.
Line: 3347
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->op = wmt_params->op;
hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
hdr->flag = wmt_params->flag;
memcpy(wc->data, wmt_params->data, wmt_params->dlen);
set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
Reported by FlawFinder.
Line: 3470
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
retry = 20;
while (retry > 0) {
cmd[0] = 0; /* 0 means legacy dl mode. */
memcpy(cmd + 1,
fw_ptr + MTK_FW_ROM_PATCH_HEADER_SIZE +
MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
MTK_SEC_MAP_COMMON_SIZE,
MTK_SEC_MAP_NEED_SEND_SIZE + 1);
Reported by FlawFinder.
Line: 3699
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fwname;
int err, status;
u32 dev_id;
char fw_bin_name[64];
u32 fw_version = 0;
u8 param;
calltime = ktime_get();
Reported by FlawFinder.
Line: 3916
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[0] = 0xfe;
buf[1] = sizeof(bdaddr_t);
memcpy(buf + 2, bdaddr, sizeof(bdaddr_t));
skb = __hci_cmd_sync(hdev, 0xfc22, sizeof(buf), buf, HCI_INIT_TIMEOUT);
if (IS_ERR(skb)) {
ret = PTR_ERR(skb);
bt_dev_err(hdev, "changing Marvell device address failed (%ld)",
Reported by FlawFinder.
Line: 3941
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[1] = 0x01;
buf[2] = 0x00;
buf[3] = sizeof(bdaddr_t);
memcpy(buf + 4, bdaddr, sizeof(bdaddr_t));
skb = __hci_cmd_sync(hdev, 0xfc0b, sizeof(buf), buf, HCI_INIT_TIMEOUT);
if (IS_ERR(skb)) {
ret = PTR_ERR(skb);
bt_dev_err(hdev, "Change address command failed (%ld)", ret);
Reported by FlawFinder.
drivers/hwmon/w83792d.c
16 issues
Line: 348
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *sensor_attr = to_sensor_dev_attr(attr);
int nr = sensor_attr->index;
struct w83792d_data *data = w83792d_update_device(dev);
return sprintf(buf, "%ld\n",
IN_FROM_REG(nr, in_count_from_reg(nr, data)));
}
#define show_in_reg(reg) \
static ssize_t show_##reg(struct device *dev, struct device_attribute *attr, \
Reported by FlawFinder.
Line: 360
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
= to_sensor_dev_attr(attr); \
int nr = sensor_attr->index; \
struct w83792d_data *data = w83792d_update_device(dev); \
return sprintf(buf, "%ld\n", \
(long)(IN_FROM_REG(nr, data->reg[nr]) * 4)); \
}
show_in_reg(in_min);
show_in_reg(in_max);
Reported by FlawFinder.
Line: 400
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
= to_sensor_dev_attr(attr); \
int nr = sensor_attr->index - 1; \
struct w83792d_data *data = w83792d_update_device(dev); \
return sprintf(buf, "%d\n", \
FAN_FROM_REG(data->reg[nr], DIV_FROM_REG(data->fan_div[nr]))); \
}
show_fan_reg(fan);
show_fan_reg(fan_min);
Reported by FlawFinder.
Line: 438
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *sensor_attr = to_sensor_dev_attr(attr);
int nr = sensor_attr->index;
struct w83792d_data *data = w83792d_update_device(dev);
return sprintf(buf, "%u\n", DIV_FROM_REG(data->fan_div[nr - 1]));
}
/*
* Note: we save and restore the fan minimum here, because its value is
* determined in part by the fan divisor. This follows the principle of
Reported by FlawFinder.
Line: 496
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *sensor_attr = to_sensor_dev_attr(attr);
int nr = sensor_attr->index;
struct w83792d_data *data = w83792d_update_device(dev);
return sprintf(buf, "%d\n", TEMP1_FROM_REG(data->temp1[nr]));
}
static ssize_t store_temp1(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 532
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = sensor_attr->nr;
int index = sensor_attr->index;
struct w83792d_data *data = w83792d_update_device(dev);
return sprintf(buf, "%ld\n",
(long)TEMP_ADD_FROM_REG(data->temp_add[nr][index],
data->temp_add[nr][index+1]));
}
static ssize_t store_temp23(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 570
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
alarms_show(struct device *dev, struct device_attribute *attr, char *buf)
{
struct w83792d_data *data = w83792d_update_device(dev);
return sprintf(buf, "%d\n", data->alarms);
}
static ssize_t show_alarm(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 579
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *sensor_attr = to_sensor_dev_attr(attr);
int nr = sensor_attr->index;
struct w83792d_data *data = w83792d_update_device(dev);
return sprintf(buf, "%d\n", (data->alarms >> nr) & 1);
}
static ssize_t
show_pwm(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 589
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *sensor_attr = to_sensor_dev_attr(attr);
int nr = sensor_attr->index;
struct w83792d_data *data = w83792d_update_device(dev);
return sprintf(buf, "%d\n", (data->pwm[nr] & 0x0f) << 4);
}
static ssize_t
show_pwmenable(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 613
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%ld\n", pwm_enable_tmp);
}
static ssize_t
store_pwm(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/hwtracing/coresight/coresight-core.c
16 issues
Line: 163
Column: 45
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static inline u32 coresight_read_claim_tags(struct coresight_device *csdev)
{
return csdev_access_relaxed_read32(&csdev->access, CORESIGHT_CLAIMCLR);
}
static inline bool coresight_is_claimed_self_hosted(struct coresight_device *csdev)
{
return coresight_read_claim_tags(csdev) == CORESIGHT_CLAIM_SELF_HOSTED;
Reported by FlawFinder.
Line: 178
Column: 39
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static inline void coresight_set_claim_tags(struct coresight_device *csdev)
{
csdev_access_relaxed_write32(&csdev->access, CORESIGHT_CLAIM_SELF_HOSTED,
CORESIGHT_CLAIMSET);
isb();
}
static inline void coresight_clear_claim_tags(struct coresight_device *csdev)
Reported by FlawFinder.
Line: 185
Column: 39
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static inline void coresight_clear_claim_tags(struct coresight_device *csdev)
{
csdev_access_relaxed_write32(&csdev->access, CORESIGHT_CLAIM_SELF_HOSTED,
CORESIGHT_CLAIMCLR);
isb();
}
/*
Reported by FlawFinder.
Line: 224
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (WARN_ON(!csdev))
return -EINVAL;
CS_UNLOCK(csdev->access.base);
rc = coresight_claim_device_unlocked(csdev);
CS_LOCK(csdev->access.base);
return rc;
}
Reported by FlawFinder.
Line: 226
Column: 17
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
CS_UNLOCK(csdev->access.base);
rc = coresight_claim_device_unlocked(csdev);
CS_LOCK(csdev->access.base);
return rc;
}
EXPORT_SYMBOL_GPL(coresight_claim_device);
Reported by FlawFinder.
Line: 259
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (WARN_ON(!csdev))
return;
CS_UNLOCK(csdev->access.base);
coresight_disclaim_device_unlocked(csdev);
CS_LOCK(csdev->access.base);
}
EXPORT_SYMBOL_GPL(coresight_disclaim_device);
Reported by FlawFinder.
Line: 261
Column: 17
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
CS_UNLOCK(csdev->access.base);
coresight_disclaim_device_unlocked(csdev);
CS_LOCK(csdev->access.base);
}
EXPORT_SYMBOL_GPL(coresight_disclaim_device);
/* enable or disable an associated CTI device of the supplied CS device */
static int
Reported by FlawFinder.
Line: 1502
Column: 45
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u32 coresight_relaxed_read32(struct coresight_device *csdev, u32 offset)
{
return csdev_access_relaxed_read32(&csdev->access, offset);
}
u32 coresight_read32(struct coresight_device *csdev, u32 offset)
{
return csdev_access_read32(&csdev->access, offset);
Reported by FlawFinder.
Line: 1507
Column: 37
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u32 coresight_read32(struct coresight_device *csdev, u32 offset)
{
return csdev_access_read32(&csdev->access, offset);
}
void coresight_relaxed_write32(struct coresight_device *csdev,
u32 val, u32 offset)
{
Reported by FlawFinder.
Line: 1513
Column: 39
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
void coresight_relaxed_write32(struct coresight_device *csdev,
u32 val, u32 offset)
{
csdev_access_relaxed_write32(&csdev->access, val, offset);
}
void coresight_write32(struct coresight_device *csdev, u32 val, u32 offset)
{
csdev_access_write32(&csdev->access, val, offset);
Reported by FlawFinder.