The following issues were found
tools/perf/util/map.c
15 issues
Line: 47
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (libname)
lib_length = strlen(libname);
app_abi = getenv("APP_ABI");
if (!app_abi)
return false;
app_abi_length = strlen(app_abi);
Reported by FlawFinder.
Line: 61
Column: 14
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
new_length = 7 + app_abi_length + lib_length;
apk_path = getenv("APK_PATH");
if (apk_path) {
new_length += strlen(apk_path) + 1;
if (new_length > PATH_MAX)
return false;
snprintf(newfilename, new_length,
Reported by FlawFinder.
Line: 82
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *arch;
int ndk_length, app_length;
ndk = getenv("NDK_ROOT");
app = getenv("APP_PLATFORM");
if (!(ndk && app))
return false;
Reported by FlawFinder.
Line: 83
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
int ndk_length, app_length;
ndk = getenv("NDK_ROOT");
app = getenv("APP_PLATFORM");
if (!(ndk && app))
return false;
ndk_length = strlen(ndk);
Reported by FlawFinder.
Line: 140
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nsinfo *nnsi;
if (map != NULL) {
char newfilename[PATH_MAX];
struct dso *dso;
int anon, no_dso, vdso, android;
android = is_android_lib(filename);
anon = is_anon_memory(filename) || flags & MAP_HUGETLB;
Reported by FlawFinder.
Line: 335
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
nr = dso__load(map->dso, map);
if (nr < 0) {
if (map->dso->has_build_id) {
char sbuild_id[SBUILD_ID_SIZE];
build_id__sprintf(&map->dso->bid, sbuild_id);
pr_debug("%s with build id %s not found", name, sbuild_id);
} else
pr_debug("Failed to open %s", name);
Reported by FlawFinder.
Line: 409
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t map__fprintf_dsoname(struct map *map, FILE *fp)
{
char buf[symbol_conf.pad_output_len_dso + 1];
const char *dsoname = "[unknown]";
if (map && map->dso) {
if (symbol_conf.show_kernel_path && map->dso->long_name)
dsoname = map->dso->long_name;
Reported by FlawFinder.
Line: 45
Column: 16
CWE codes:
126
libname = strrchr(filename, '/');
if (libname)
lib_length = strlen(libname);
app_abi = getenv("APP_ABI");
if (!app_abi)
return false;
Reported by FlawFinder.
Line: 51
Column: 19
CWE codes:
126
if (!app_abi)
return false;
app_abi_length = strlen(app_abi);
if (strstarts(filename, "/data/app-lib/")) {
char *apk_path;
if (!app_abi_length)
Reported by FlawFinder.
Line: 63
Column: 18
CWE codes:
126
apk_path = getenv("APK_PATH");
if (apk_path) {
new_length += strlen(apk_path) + 1;
if (new_length > PATH_MAX)
return false;
snprintf(newfilename, new_length,
"%s/libs/%s/%s", apk_path, app_abi, libname);
} else {
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
15 issues
Line: 894
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
IXGBEVF_RX_HDR_SIZE);
/* align pull length to size of long to optimize memcpy performance */
memcpy(__skb_put(skb, headlen), xdp->data,
ALIGN(headlen, sizeof(long)));
/* update all of the pointers */
size -= headlen;
if (size) {
Reported by FlawFinder.
Line: 4568
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&hw->mac.ops, ii->mac_ops, sizeof(hw->mac.ops));
hw->mac.type = ii->mac;
memcpy(&hw->mbx.ops, &ixgbevf_mbx_ops,
sizeof(struct ixgbe_mbx_operations));
/* setup the private structure */
err = ixgbevf_sw_init(adapter);
if (err)
Reported by FlawFinder.
Line: 4655
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err)
goto err_sw_init;
strcpy(netdev->name, "eth%d");
err = register_netdev(netdev);
if (err)
goto err_register;
Reported by FlawFinder.
Line: 678
Column: 12
CWE codes:
120
20
/* Refresh the desc even if pkt_addr didn't change
* because each write-back erases this info.
*/
rx_desc->read.pkt_addr = cpu_to_le64(bi->dma + bi->page_offset);
rx_desc++;
bi++;
i++;
if (unlikely(!i)) {
Reported by FlawFinder.
Line: 1027
Column: 11
CWE codes:
120
20
cmd_type |= len | IXGBE_TXD_CMD;
tx_desc = IXGBEVF_TX_DESC(ring, i);
tx_desc->read.buffer_addr = cpu_to_le64(dma);
tx_desc->read.cmd_type_len = cpu_to_le32(cmd_type);
tx_desc->read.olinfo_status =
cpu_to_le32((len << IXGBE_ADVTXD_PAYLEN_SHIFT) |
IXGBE_ADVTXD_CC);
Reported by FlawFinder.
Line: 1029
Column: 11
CWE codes:
120
20
tx_desc = IXGBEVF_TX_DESC(ring, i);
tx_desc->read.buffer_addr = cpu_to_le64(dma);
tx_desc->read.cmd_type_len = cpu_to_le32(cmd_type);
tx_desc->read.olinfo_status =
cpu_to_le32((len << IXGBE_ADVTXD_PAYLEN_SHIFT) |
IXGBE_ADVTXD_CC);
/* Avoid any potential race with cleanup */
Reported by FlawFinder.
Line: 1030
Column: 11
CWE codes:
120
20
tx_desc->read.buffer_addr = cpu_to_le64(dma);
tx_desc->read.cmd_type_len = cpu_to_le32(cmd_type);
tx_desc->read.olinfo_status =
cpu_to_le32((len << IXGBE_ADVTXD_PAYLEN_SHIFT) |
IXGBE_ADVTXD_CC);
/* Avoid any potential race with cleanup */
smp_wmb();
Reported by FlawFinder.
Line: 3936
Column: 11
CWE codes:
120
20
*/
olinfo_status |= cpu_to_le32(IXGBE_ADVTXD_CC);
tx_desc->read.olinfo_status = olinfo_status;
}
static void ixgbevf_tx_map(struct ixgbevf_ring *tx_ring,
struct ixgbevf_tx_buffer *first,
const u8 hdr_len)
Reported by FlawFinder.
Line: 3972
Column: 12
CWE codes:
120
20
dma_unmap_len_set(tx_buffer, len, size);
dma_unmap_addr_set(tx_buffer, dma, dma);
tx_desc->read.buffer_addr = cpu_to_le64(dma);
while (unlikely(size > IXGBE_MAX_DATA_PER_TXD)) {
tx_desc->read.cmd_type_len =
cmd_type | cpu_to_le32(IXGBE_MAX_DATA_PER_TXD);
Reported by FlawFinder.
Line: 3975
Column: 13
CWE codes:
120
20
tx_desc->read.buffer_addr = cpu_to_le64(dma);
while (unlikely(size > IXGBE_MAX_DATA_PER_TXD)) {
tx_desc->read.cmd_type_len =
cmd_type | cpu_to_le32(IXGBE_MAX_DATA_PER_TXD);
i++;
tx_desc++;
if (i == tx_ring->count) {
Reported by FlawFinder.
tools/perf/util/cs-etm.c
15 issues
Line: 2557
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if ((magic != __perf_cs_etmv3_magic) &&
(magic != __perf_cs_etmv4_magic)) {
/* failure - note bad magic value */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
}
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
Reported by FlawFinder.
Line: 2562
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_CPU], val[i++]);
if (magic == __perf_cs_etmv3_magic) {
nr_params = CS_ETM_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETM_ETMCR;
Reported by FlawFinder.
Line: 2563
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_CPU], val[i++]);
if (magic == __perf_cs_etmv3_magic) {
nr_params = CS_ETM_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETM_ETMCR;
/* after common block, offset format index past NR_PARAMS */
Reported by FlawFinder.
Line: 2570
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt_offset = CS_ETM_ETMCR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
} else if (magic == __perf_cs_etmv4_magic) {
nr_params = CS_ETMV4_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETMV4_TRCCONFIGR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
Reported by FlawFinder.
Line: 2576
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt_offset = CS_ETMV4_TRCCONFIGR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
*offset = i;
return 0;
}
Reported by FlawFinder.
Line: 2595
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETM_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
}
} else if (magic == __perf_cs_etmv4_magic) {
for (j = 0; j < total_params; j++, i++) {
Reported by FlawFinder.
Line: 2597
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (j >= CS_ETM_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
}
} else if (magic == __perf_cs_etmv4_magic) {
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETMV4_PRIV_MAX)
Reported by FlawFinder.
Line: 2603
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETMV4_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
} else {
/* failure - note bad magic value and error out */
Reported by FlawFinder.
Line: 2605
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (j >= CS_ETMV4_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
} else {
/* failure - note bad magic value and error out */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
Reported by FlawFinder.
Line: 2609
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
} else {
/* failure - note bad magic value and error out */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
}
*offset = i;
return 0;
}
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
15 issues
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum {NETDEV_STATS, IXGBE_STATS};
struct ixgbe_stats {
char stat_string[ETH_GSTRING_LEN];
int type;
int sizeof_stat;
int stat_offset;
};
Reported by FlawFinder.
Line: 1029
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < eeprom_len; i++)
le16_to_cpus(&eeprom_buff[i]);
memcpy(bytes, (u8 *)eeprom_buff + (eeprom->offset & 1), eeprom->len);
kfree(eeprom_buff);
return ret_val;
}
Reported by FlawFinder.
Line: 1087
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < last_word - first_word + 1; i++)
le16_to_cpus(&eeprom_buff[i]);
memcpy(ptr, bytes, eeprom->len);
for (i = 0; i < last_word - first_word + 1; i++)
cpu_to_le16s(&eeprom_buff[i]);
ret_val = hw->eeprom.ops.write_buffer(hw, first_word,
Reported by FlawFinder.
Line: 1195
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (new_tx_count != adapter->tx_ring_count) {
for (i = 0; i < adapter->num_tx_queues; i++) {
memcpy(&temp_ring[i], adapter->tx_ring[i],
sizeof(struct ixgbe_ring));
temp_ring[i].count = new_tx_count;
err = ixgbe_setup_tx_resources(&temp_ring[i]);
if (err) {
Reported by FlawFinder.
Line: 1210
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (j = 0; j < adapter->num_xdp_queues; j++, i++) {
memcpy(&temp_ring[i], adapter->xdp_ring[j],
sizeof(struct ixgbe_ring));
temp_ring[i].count = new_tx_count;
err = ixgbe_setup_tx_resources(&temp_ring[i]);
if (err) {
Reported by FlawFinder.
Line: 1227
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < adapter->num_tx_queues; i++) {
ixgbe_free_tx_resources(adapter->tx_ring[i]);
memcpy(adapter->tx_ring[i], &temp_ring[i],
sizeof(struct ixgbe_ring));
}
for (j = 0; j < adapter->num_xdp_queues; j++, i++) {
ixgbe_free_tx_resources(adapter->xdp_ring[j]);
Reported by FlawFinder.
Line: 1233
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (j = 0; j < adapter->num_xdp_queues; j++, i++) {
ixgbe_free_tx_resources(adapter->xdp_ring[j]);
memcpy(adapter->xdp_ring[j], &temp_ring[i],
sizeof(struct ixgbe_ring));
}
adapter->tx_ring_count = new_tx_count;
}
Reported by FlawFinder.
Line: 1243
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Repeat the process for the Rx rings if needed */
if (new_rx_count != adapter->rx_ring_count) {
for (i = 0; i < adapter->num_rx_queues; i++) {
memcpy(&temp_ring[i], adapter->rx_ring[i],
sizeof(struct ixgbe_ring));
/* Clear copied XDP RX-queue info */
memset(&temp_ring[i].xdp_rxq, 0,
sizeof(temp_ring[i].xdp_rxq));
Reported by FlawFinder.
Line: 1265
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < adapter->num_rx_queues; i++) {
ixgbe_free_rx_resources(adapter->rx_ring[i]);
memcpy(adapter->rx_ring[i], &temp_ring[i],
sizeof(struct ixgbe_ring));
}
adapter->rx_ring_count = new_rx_count;
}
Reported by FlawFinder.
Line: 1402
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* BUG_ON(p - data != IXGBE_STATS_LEN * ETH_GSTRING_LEN); */
break;
case ETH_SS_PRIV_FLAGS:
memcpy(data, ixgbe_priv_flags_strings,
IXGBE_PRIV_FLAGS_STR_LEN * ETH_GSTRING_LEN);
}
}
static int ixgbe_link_test(struct ixgbe_adapter *adapter, u64 *data)
Reported by FlawFinder.
drivers/clk/zynqmp/clkc.c
15 issues
Line: 561
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(parents[i].name, "dummy_name");
parent_list[i] = parents[i].name;
} else {
strcat(parents[i].name,
clk_type_postfix[clk_nodes[parents[i].flag - 1].
type]);
parent_list[i] = parents[i].name;
}
}
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @flag: Parent flags
*/
struct clock_parent {
char name[MAX_NAME_LEN];
int id;
u32 flag;
};
/**
Reported by FlawFinder.
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @clk_id: Clock id
*/
struct zynqmp_clock {
char clk_name[MAX_NAME_LEN];
u32 valid;
enum clk_type type;
struct clock_topology node[MAX_NODES];
u32 num_nodes;
struct clock_parent parent[MAX_PARENT];
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct name_resp {
char name[CLK_GET_NAME_RESP_LEN];
};
struct topology_resp {
#define CLK_TOPOLOGY_TYPE GENMASK(3, 0)
#define CLK_TOPOLOGY_CUSTOM_TYPE_FLAGS GENMASK(7, 4)
Reported by FlawFinder.
Line: 235
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qdata.arg1 = clock_id;
zynqmp_pm_query_data(qdata, ret_payload);
memcpy(response, ret_payload, sizeof(*response));
return 0;
}
/**
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qdata.arg2 = index;
ret = zynqmp_pm_query_data(qdata, ret_payload);
memcpy(response, &ret_payload[1], sizeof(*response));
return ret;
}
unsigned long zynqmp_clk_map_common_ccf_flags(const u32 zynqmp_flag)
Reported by FlawFinder.
Line: 366
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qdata.arg2 = index;
ret = zynqmp_pm_query_data(qdata, ret_payload);
memcpy(response, &ret_payload[1], sizeof(*response));
return ret;
}
/**
Reported by FlawFinder.
Line: 391
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qdata.arg1 = clock_id;
ret = zynqmp_pm_query_data(qdata, ret_payload);
memcpy(response, &ret_payload[1], sizeof(*response));
return ret;
}
/**
Reported by FlawFinder.
Line: 485
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
parent = &parents[i];
parent->id = FIELD_GET(CLK_PARENTS_ID, response->parents[i]);
if (response->parents[i] == DUMMY_PARENT) {
strcpy(parent->name, "dummy_name");
parent->flag = 0;
} else {
parent->flag = FIELD_GET(CLK_PARENTS_FLAGS,
response->parents[i]);
if (zynqmp_get_clock_name(parent->id, parent->name))
Reported by FlawFinder.
Line: 558
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ret = of_property_match_string(np, "clock-names",
parents[i].name);
if (ret < 0)
strcpy(parents[i].name, "dummy_name");
parent_list[i] = parents[i].name;
} else {
strcat(parents[i].name,
clk_type_postfix[clk_nodes[parents[i].flag - 1].
type]);
Reported by FlawFinder.
fs/ocfs2/dlm/dlmdomain.c
15 issues
Line: 1060
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qr->qr_node = dlm->node_num;
qr->qr_namelen = strlen(dlm->name);
memcpy(qr->qr_domain, dlm->name, qr->qr_namelen);
/* if local hb, the numregions will be zero */
if (o2hb_global_heartbeat_active())
qr->qr_numregions = o2hb_get_all_regions(qr->qr_regions,
O2NM_MAX_REGIONS);
Reported by FlawFinder.
Line: 1246
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qn->qn_nodenum = dlm->node_num;
qn->qn_numnodes = count;
qn->qn_namelen = strlen(dlm->name);
memcpy(qn->qn_domain, dlm->name, qn->qn_namelen);
i = -1;
while ((i = find_next_bit(node_map, O2NM_MAX_NODES,
i + 1)) < O2NM_MAX_NODES) {
if (i == dlm->node_num)
Reported by FlawFinder.
Line: 1359
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&cancel_msg, 0, sizeof(cancel_msg));
cancel_msg.node_idx = dlm->node_num;
cancel_msg.name_len = strlen(dlm->name);
memcpy(cancel_msg.domain, dlm->name, cancel_msg.name_len);
status = o2net_send_message(DLM_CANCEL_JOIN_MSG, DLM_MOD_KEY,
&cancel_msg, sizeof(cancel_msg), node,
NULL);
if (status < 0) {
Reported by FlawFinder.
Line: 1426
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&join_msg, 0, sizeof(join_msg));
join_msg.node_idx = dlm->node_num;
join_msg.name_len = strlen(dlm->name);
memcpy(join_msg.domain, dlm->name, join_msg.name_len);
join_msg.dlm_proto = dlm->dlm_locking_proto;
join_msg.fs_proto = dlm->fs_locking_proto;
/* copy live node map to join message */
byte_copymap(join_msg.node_map, dlm->live_nodes_map, O2NM_MAX_NODES);
Reported by FlawFinder.
Line: 1511
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&assert_msg, 0, sizeof(assert_msg));
assert_msg.node_idx = dlm->node_num;
assert_msg.name_len = strlen(dlm->name);
memcpy(assert_msg.domain, dlm->name, assert_msg.name_len);
status = o2net_send_message(DLM_ASSERT_JOINED_MSG, DLM_MOD_KEY,
&assert_msg, sizeof(assert_msg), node,
&ret);
if (status < 0)
Reported by FlawFinder.
Line: 1646
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* yes_resp_map. Copy that into our domain map and send a join
* assert message to clean up everyone elses state. */
spin_lock(&dlm->spinlock);
memcpy(dlm->domain_map, ctxt->yes_resp_map,
sizeof(ctxt->yes_resp_map));
set_bit(dlm->node_num, dlm->domain_map);
spin_unlock(&dlm->spinlock);
/* Support for global heartbeat and node info was added in 1.1 */
Reported by FlawFinder.
Line: 1857
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int status;
unsigned int backoff;
unsigned int total_backoff = 0;
char wq_name[O2NM_MAX_NAME_LEN];
BUG_ON(!dlm);
mlog(0, "Join domain %s\n", dlm->name);
Reported by FlawFinder.
Line: 253
Column: 7
CWE codes:
126
/* tmp->name here is always NULL terminated,
* but domain may not be! */
list_for_each_entry(tmp, &dlm_domains, list) {
if (strlen(tmp->name) == len &&
memcmp(tmp->name, domain, len)==0)
return tmp;
}
return NULL;
Reported by FlawFinder.
Line: 266
Column: 42
CWE codes:
126
{
assert_spin_locked(&dlm_domain_lock);
return __dlm_lookup_domain_full(domain, strlen(domain));
}
/* returns true on one of two conditions:
* 1) the domain does not exist
Reported by FlawFinder.
Line: 1059
Column: 19
CWE codes:
126
}
qr->qr_node = dlm->node_num;
qr->qr_namelen = strlen(dlm->name);
memcpy(qr->qr_domain, dlm->name, qr->qr_namelen);
/* if local hb, the numregions will be zero */
if (o2hb_global_heartbeat_active())
qr->qr_numregions = o2hb_get_all_regions(qr->qr_regions,
O2NM_MAX_REGIONS);
Reported by FlawFinder.
tools/perf/scripts/python/stackcollapse.py
15 issues
Line: 32
Column: 1
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from Core import *
from EventClass import *
# command line parsing
Reported by Pylint.
Line: 33
Column: 1
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from Core import *
from EventClass import *
# command line parsing
option_list = [
Reported by Pylint.
Line: 34
Column: 1
from perf_trace_context import *
from Core import *
from EventClass import *
# command line parsing
option_list = [
# formatting options for the bottom entry of the stack
Reported by Pylint.
Line: 27
Column: 1
import os
import sys
from collections import defaultdict
from optparse import OptionParser, make_option
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
Reported by Pylint.
Line: 32
Column: 1
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from Core import *
from EventClass import *
# command line parsing
Reported by Pylint.
Line: 33
Column: 1
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from Core import *
from EventClass import *
# command line parsing
option_list = [
Reported by Pylint.
Line: 34
Column: 1
from perf_trace_context import *
from Core import *
from EventClass import *
# command line parsing
option_list = [
# formatting options for the bottom entry of the stack
Reported by Pylint.
Line: 125
Column: 5
lines[stack_string] = lines[stack_string] + 1
def trace_end():
list = sorted(lines)
for stack in list:
print("%s %d" % (stack, lines[stack]))
Reported by Pylint.
Line: 1
Column: 1
# stackcollapse.py - format perf samples with one line per distinct call stack
# SPDX-License-Identifier: GPL-2.0
#
# This script's output has two space-separated fields. The first is a semicolon
# separated stack including the program name (from the "comm" field) and the
# function names from the call stack. The second is a count:
#
# swapper;start_kernel;rest_init;cpu_idle;default_idle;native_safe_halt 2
#
Reported by Pylint.
Line: 32
Column: 1
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from Core import *
from EventClass import *
# command line parsing
Reported by Pylint.
drivers/clk/clk-stm32f4.c
15 issues
Line: 587
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct stm32f4_pll_data {
u8 pll_num;
u8 n_start;
const char *div_name[MAX_PLL_DIV];
};
static const struct stm32f4_pll_data stm32f429_pll[MAX_PLL_DIV] = {
{ PLL, 192, { "pll", "pll48", NULL } },
{ PLL_I2S, 192, { NULL, "plli2s-q", "plli2s-r" } },
Reported by FlawFinder.
Line: 1119
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ 0 },
};
static const char *rtc_parents[4] = {
"no-clock", "lse", "lsi", "hse-rtc"
};
static const char *pll_src = "pll-src";
Reported by FlawFinder.
Line: 1125
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *pll_src = "pll-src";
static const char *pllsrc_parent[2] = { "hsi", NULL };
static const char *dsi_parent[2] = { NULL, "pll-r" };
static const char *lcd_parent[1] = { "pllsai-r-div" };
Reported by FlawFinder.
Line: 1127
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *pllsrc_parent[2] = { "hsi", NULL };
static const char *dsi_parent[2] = { NULL, "pll-r" };
static const char *lcd_parent[1] = { "pllsai-r-div" };
static const char *i2s_parents[2] = { "plli2s-r", NULL };
Reported by FlawFinder.
Line: 1129
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *dsi_parent[2] = { NULL, "pll-r" };
static const char *lcd_parent[1] = { "pllsai-r-div" };
static const char *i2s_parents[2] = { "plli2s-r", NULL };
static const char *sai_parents[4] = { "pllsai-q-div", "plli2s-q-div", NULL,
"no-clock" };
Reported by FlawFinder.
Line: 1131
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *lcd_parent[1] = { "pllsai-r-div" };
static const char *i2s_parents[2] = { "plli2s-r", NULL };
static const char *sai_parents[4] = { "pllsai-q-div", "plli2s-q-div", NULL,
"no-clock" };
static const char *pll48_parents[2] = { "pll-q", "pllsai-p" };
Reported by FlawFinder.
Line: 1133
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *i2s_parents[2] = { "plli2s-r", NULL };
static const char *sai_parents[4] = { "pllsai-q-div", "plli2s-q-div", NULL,
"no-clock" };
static const char *pll48_parents[2] = { "pll-q", "pllsai-p" };
static const char *sdmux_parents[2] = { "pll48", "sys" };
Reported by FlawFinder.
Line: 1136
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *sai_parents[4] = { "pllsai-q-div", "plli2s-q-div", NULL,
"no-clock" };
static const char *pll48_parents[2] = { "pll-q", "pllsai-p" };
static const char *sdmux_parents[2] = { "pll48", "sys" };
static const char *hdmi_parents[2] = { "lse", "hsi_div488" };
Reported by FlawFinder.
Line: 1138
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *pll48_parents[2] = { "pll-q", "pllsai-p" };
static const char *sdmux_parents[2] = { "pll48", "sys" };
static const char *hdmi_parents[2] = { "lse", "hsi_div488" };
static const char *spdif_parent[1] = { "plli2s-p" };
Reported by FlawFinder.
Line: 1140
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *sdmux_parents[2] = { "pll48", "sys" };
static const char *hdmi_parents[2] = { "lse", "hsi_div488" };
static const char *spdif_parent[1] = { "plli2s-p" };
static const char *lptim_parent[4] = { "apb1_mul", "lsi", "hsi", "lse" };
Reported by FlawFinder.
net/core/sock.c
15 issues
Line: 231
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
x "AF_QIPCRTR", x "AF_SMC" , x "AF_XDP" , \
x "AF_MAX"
static const char *const af_family_key_strings[AF_MAX+1] = {
_sock_locks("sk_lock-")
};
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
Reported by FlawFinder.
Line: 234
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_key_strings[AF_MAX+1] = {
_sock_locks("sk_lock-")
};
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
static const char *const af_family_clock_key_strings[AF_MAX+1] = {
_sock_locks("clock-")
};
Reported by FlawFinder.
Line: 237
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
static const char *const af_family_clock_key_strings[AF_MAX+1] = {
_sock_locks("clock-")
};
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
Reported by FlawFinder.
Line: 241
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_sock_locks("clock-")
};
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
};
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
Reported by FlawFinder.
Line: 244
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
};
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
Reported by FlawFinder.
Line: 247
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
Reported by FlawFinder.
Line: 250
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
Reported by FlawFinder.
Line: 253
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
static const char *const af_family_elock_key_strings[AF_MAX+1] = {
_sock_locks("elock-")
};
Reported by FlawFinder.
Line: 256
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
static const char *const af_family_elock_key_strings[AF_MAX+1] = {
_sock_locks("elock-")
};
/*
* sk_callback_lock and sk queues locking rules are per-address-family,
Reported by FlawFinder.
Line: 632
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = -ENOPROTOOPT;
#ifdef CONFIG_NETDEVICES
struct net *net = sock_net(sk);
char devname[IFNAMSIZ];
int index;
ret = -EINVAL;
if (optlen < 0)
goto out;
Reported by FlawFinder.
drivers/scsi/qla2xxx/qla_dbg.c
15 issues
Line: 94
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct req_que *req = ha->req_q_map[0];
struct rsp_que *rsp = ha->rsp_q_map[0];
/* Request queue. */
memcpy(ptr, req->ring, req->length *
sizeof(request_t));
/* Response queue. */
ptr += req->length * sizeof(request_t);
memcpy(ptr, rsp->ring, rsp->length *
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Response queue. */
ptr += req->length * sizeof(request_t);
memcpy(ptr, rsp->ring, rsp->length *
sizeof(response_t));
return ptr + (rsp->length * sizeof(response_t));
}
Reported by FlawFinder.
Line: 479
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ha->eft)
return ptr;
memcpy(ptr, ha->eft, ntohl(ha->fw_dump->eft_size));
return ptr + ntohl(ha->fw_dump->eft_size);
}
static inline void *
qla25xx_copy_fce(struct qla_hw_data *ha, void *ptr, __be32 **last_chain)
Reported by FlawFinder.
Line: 505
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (cnt = 0; cnt < 8; cnt++)
*iter_reg++ = htonl(ha->fce_mb[cnt]);
memcpy(iter_reg, ha->fce, ntohl(fcec->size));
return (char *)iter_reg + ntohl(fcec->size);
}
static inline void *
Reported by FlawFinder.
Line: 527
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c->addr = cpu_to_be64(ha->exlogin_buf_dma);
ptr += sizeof(struct qla2xxx_offld_chain);
memcpy(ptr, ha->exlogin_buf, ha->exlogin_size);
return (char *)ptr + be32_to_cpu(c->size);
}
static inline void *
Reported by FlawFinder.
Line: 549
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c->addr = cpu_to_be64(ha->exchoffld_buf_dma);
ptr += sizeof(struct qla2xxx_offld_chain);
memcpy(ptr, ha->exchoffld_buf, ha->exchoffld_size);
return (char *)ptr + be32_to_cpu(c->size);
}
static inline void *
Reported by FlawFinder.
Line: 594
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += sizeof(struct qla2xxx_mqueue_header);
/* Add data. */
memcpy(ptr, aqp->ring, aqp->length * sizeof(request_t));
ptr += aqp->length * sizeof(request_t);
}
return ptr;
Reported by FlawFinder.
Line: 638
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += sizeof(struct qla2xxx_mqueue_header);
/* Add data. */
memcpy(ptr, req->ring, req->length * sizeof(request_t));
ptr += req->length * sizeof(request_t);
}
/* Response queues */
for (que = 1; que < ha->max_rsp_queues; que++) {
Reported by FlawFinder.
Line: 666
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += sizeof(struct qla2xxx_mqueue_header);
/* Add data. */
memcpy(ptr, rsp->ring, rsp->length * sizeof(response_t));
ptr += rsp->length * sizeof(response_t);
}
return ptr;
}
Reported by FlawFinder.
Line: 2493
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
va_list va;
struct va_format vaf;
char pbuf[64];
va_start(va, fmt);
vaf.fmt = fmt;
vaf.va = &va;
Reported by FlawFinder.