The following issues were found
net/core/sock.c
15 issues
Line: 231
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
x "AF_QIPCRTR", x "AF_SMC" , x "AF_XDP" , \
x "AF_MAX"
static const char *const af_family_key_strings[AF_MAX+1] = {
_sock_locks("sk_lock-")
};
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
Reported by FlawFinder.
Line: 234
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_key_strings[AF_MAX+1] = {
_sock_locks("sk_lock-")
};
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
static const char *const af_family_clock_key_strings[AF_MAX+1] = {
_sock_locks("clock-")
};
Reported by FlawFinder.
Line: 237
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
static const char *const af_family_clock_key_strings[AF_MAX+1] = {
_sock_locks("clock-")
};
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
Reported by FlawFinder.
Line: 241
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_sock_locks("clock-")
};
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
};
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
Reported by FlawFinder.
Line: 244
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
};
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
Reported by FlawFinder.
Line: 247
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
Reported by FlawFinder.
Line: 250
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
Reported by FlawFinder.
Line: 253
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
static const char *const af_family_elock_key_strings[AF_MAX+1] = {
_sock_locks("elock-")
};
Reported by FlawFinder.
Line: 256
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
static const char *const af_family_elock_key_strings[AF_MAX+1] = {
_sock_locks("elock-")
};
/*
* sk_callback_lock and sk queues locking rules are per-address-family,
Reported by FlawFinder.
Line: 632
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = -ENOPROTOOPT;
#ifdef CONFIG_NETDEVICES
struct net *net = sock_net(sk);
char devname[IFNAMSIZ];
int index;
ret = -EINVAL;
if (optlen < 0)
goto out;
Reported by FlawFinder.
drivers/clk/zynqmp/clkc.c
15 issues
Line: 561
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(parents[i].name, "dummy_name");
parent_list[i] = parents[i].name;
} else {
strcat(parents[i].name,
clk_type_postfix[clk_nodes[parents[i].flag - 1].
type]);
parent_list[i] = parents[i].name;
}
}
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @flag: Parent flags
*/
struct clock_parent {
char name[MAX_NAME_LEN];
int id;
u32 flag;
};
/**
Reported by FlawFinder.
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @clk_id: Clock id
*/
struct zynqmp_clock {
char clk_name[MAX_NAME_LEN];
u32 valid;
enum clk_type type;
struct clock_topology node[MAX_NODES];
u32 num_nodes;
struct clock_parent parent[MAX_PARENT];
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct name_resp {
char name[CLK_GET_NAME_RESP_LEN];
};
struct topology_resp {
#define CLK_TOPOLOGY_TYPE GENMASK(3, 0)
#define CLK_TOPOLOGY_CUSTOM_TYPE_FLAGS GENMASK(7, 4)
Reported by FlawFinder.
Line: 235
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qdata.arg1 = clock_id;
zynqmp_pm_query_data(qdata, ret_payload);
memcpy(response, ret_payload, sizeof(*response));
return 0;
}
/**
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qdata.arg2 = index;
ret = zynqmp_pm_query_data(qdata, ret_payload);
memcpy(response, &ret_payload[1], sizeof(*response));
return ret;
}
unsigned long zynqmp_clk_map_common_ccf_flags(const u32 zynqmp_flag)
Reported by FlawFinder.
Line: 366
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qdata.arg2 = index;
ret = zynqmp_pm_query_data(qdata, ret_payload);
memcpy(response, &ret_payload[1], sizeof(*response));
return ret;
}
/**
Reported by FlawFinder.
Line: 391
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qdata.arg1 = clock_id;
ret = zynqmp_pm_query_data(qdata, ret_payload);
memcpy(response, &ret_payload[1], sizeof(*response));
return ret;
}
/**
Reported by FlawFinder.
Line: 485
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
parent = &parents[i];
parent->id = FIELD_GET(CLK_PARENTS_ID, response->parents[i]);
if (response->parents[i] == DUMMY_PARENT) {
strcpy(parent->name, "dummy_name");
parent->flag = 0;
} else {
parent->flag = FIELD_GET(CLK_PARENTS_FLAGS,
response->parents[i]);
if (zynqmp_get_clock_name(parent->id, parent->name))
Reported by FlawFinder.
Line: 558
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ret = of_property_match_string(np, "clock-names",
parents[i].name);
if (ret < 0)
strcpy(parents[i].name, "dummy_name");
parent_list[i] = parents[i].name;
} else {
strcat(parents[i].name,
clk_type_postfix[clk_nodes[parents[i].flag - 1].
type]);
Reported by FlawFinder.
fs/pstore/zone.c
15 issues
Line: 183
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (off > zone->buffer_size)
return -EINVAL;
len = min_t(size_t, len, zone->buffer_size - off);
memcpy(buf, zone->buffer->data + off, len);
return len;
}
static int psz_zone_read_oldbuf(struct pstore_zone *zone, char *buf,
size_t len, unsigned long off)
Reported by FlawFinder.
Line: 195
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (off > zone->buffer_size)
return -EINVAL;
len = min_t(size_t, len, zone->buffer_size - off);
memcpy(buf, zone->oldbuf->data + off, len);
return 0;
}
static int psz_zone_write(struct pstore_zone *zone,
enum psz_flush_mode flush_mode, const char *buf,
Reported by FlawFinder.
Line: 213
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wlen = min_t(size_t, len, zone->buffer_size - off);
if (buf && wlen) {
memcpy(zone->buffer->data + off, buf, wlen);
atomic_set(&zone->buffer->datalen, wlen + off);
}
/* avoid to damage old records */
if (!is_on_panic() && !atomic_read(&pstore_zone_cxt.recovered))
Reported by FlawFinder.
Line: 384
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Recover may on panic, we can't allocate any memory by kmalloc.
* So, we use local array instead.
*/
char buffer_header[sizeof(*buf) + sizeof(*hdr)] = {0};
if (!info->read)
return -EINVAL;
len = sizeof(*buf) + sizeof(*hdr);
Reported by FlawFinder.
Line: 537
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!oldbuf)
return -ENOMEM;
memcpy(oldbuf, &tmpbuf, sizeof(*oldbuf));
buf = (char *)oldbuf + sizeof(*oldbuf);
len = atomic_read(&oldbuf->datalen);
start = atomic_read(&oldbuf->start);
off = zone->off + sizeof(*oldbuf);
Reported by FlawFinder.
Line: 363
Column: 16
CWE codes:
120
20
if (!zone->should_recover)
continue;
buf = zone->buffer;
rcnt = info->read((char *)buf, zone->buffer_size + sizeof(*buf),
zone->off);
if (rcnt != zone->buffer_size + sizeof(*buf))
return (int)rcnt < 0 ? (int)rcnt : -EIO;
}
return 0;
Reported by FlawFinder.
Line: 386
Column: 13
CWE codes:
120
20
*/
char buffer_header[sizeof(*buf) + sizeof(*hdr)] = {0};
if (!info->read)
return -EINVAL;
len = sizeof(*buf) + sizeof(*hdr);
buf = (struct psz_buffer *)buffer_header;
for (i = 0; i < cxt->kmsg_max_cnt; i++) {
Reported by FlawFinder.
Line: 396
Column: 16
CWE codes:
120
20
if (unlikely(!zone))
return -EINVAL;
rcnt = info->read((char *)buf, len, zone->off);
if (rcnt == -ENOMSG) {
pr_debug("%s with id %lu may be broken, skip\n",
zone->name, i);
continue;
} else if (rcnt != len) {
Reported by FlawFinder.
Line: 498
Column: 22
CWE codes:
120
20
return 0;
}
if (unlikely(!info->read))
return -EINVAL;
len = sizeof(struct psz_buffer);
rcnt = info->read((char *)&tmpbuf, len, zone->off);
if (rcnt != len) {
Reported by FlawFinder.
drivers/crypto/atmel-sha.c
15 issues
Line: 259
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef VERBOSE_DEBUG
if (dd->flags & SHA_FLAGS_DUMP_REG) {
char tmp[16];
dev_vdbg(dd->dev, "read 0x%08x from %s\n", value,
atmel_sha_reg_name(offset, tmp, sizeof(tmp), false));
}
#endif /* VERBOSE_DEBUG */
Reported by FlawFinder.
Line: 274
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
#ifdef VERBOSE_DEBUG
if (dd->flags & SHA_FLAGS_DUMP_REG) {
char tmp[16];
dev_vdbg(dd->dev, "write 0x%08x into %s\n", value,
atmel_sha_reg_name(offset, tmp, sizeof(tmp), true));
}
#endif /* VERBOSE_DEBUG */
Reported by FlawFinder.
Line: 388
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
padlen = (index < 112) ? (112 - index) : ((128+112) - index);
*(ctx->buffer + ctx->bufcnt) = 0x80;
memset(ctx->buffer + ctx->bufcnt + 1, 0, padlen-1);
memcpy(ctx->buffer + ctx->bufcnt + padlen, bits, 16);
ctx->bufcnt += padlen + 16;
ctx->flags |= SHA_FLAGS_PAD;
break;
default:
Reported by FlawFinder.
Line: 398
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
padlen = (index < 56) ? (56 - index) : ((64+56) - index);
*(ctx->buffer + ctx->bufcnt) = 0x80;
memset(ctx->buffer + ctx->bufcnt + 1, 0, padlen-1);
memcpy(ctx->buffer + ctx->bufcnt + padlen, &bits[1], 8);
ctx->bufcnt += padlen + 8;
ctx->flags |= SHA_FLAGS_PAD;
break;
}
}
Reported by FlawFinder.
Line: 963
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (ctx->flags & SHA_FLAGS_ALGO_MASK) {
default:
case SHA_FLAGS_SHA1:
memcpy(req->result, ctx->digest, SHA1_DIGEST_SIZE);
break;
case SHA_FLAGS_SHA224:
memcpy(req->result, ctx->digest, SHA224_DIGEST_SIZE);
break;
Reported by FlawFinder.
Line: 967
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case SHA_FLAGS_SHA224:
memcpy(req->result, ctx->digest, SHA224_DIGEST_SIZE);
break;
case SHA_FLAGS_SHA256:
memcpy(req->result, ctx->digest, SHA256_DIGEST_SIZE);
break;
Reported by FlawFinder.
Line: 971
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case SHA_FLAGS_SHA256:
memcpy(req->result, ctx->digest, SHA256_DIGEST_SIZE);
break;
case SHA_FLAGS_SHA384:
memcpy(req->result, ctx->digest, SHA384_DIGEST_SIZE);
break;
Reported by FlawFinder.
Line: 975
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case SHA_FLAGS_SHA384:
memcpy(req->result, ctx->digest, SHA384_DIGEST_SIZE);
break;
case SHA_FLAGS_SHA512:
memcpy(req->result, ctx->digest, SHA512_DIGEST_SIZE);
break;
Reported by FlawFinder.
Line: 979
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case SHA_FLAGS_SHA512:
memcpy(req->result, ctx->digest, SHA512_DIGEST_SIZE);
break;
}
}
static int atmel_sha_finish(struct ahash_request *req)
Reported by FlawFinder.
Line: 1231
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
const struct atmel_sha_reqctx *ctx = ahash_request_ctx(req);
memcpy(out, ctx, sizeof(*ctx));
return 0;
}
static int atmel_sha_import(struct ahash_request *req, const void *in)
{
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c
15 issues
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum {NETDEV_STATS, IXGBE_STATS};
struct ixgbe_stats {
char stat_string[ETH_GSTRING_LEN];
int type;
int sizeof_stat;
int stat_offset;
};
Reported by FlawFinder.
Line: 1029
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < eeprom_len; i++)
le16_to_cpus(&eeprom_buff[i]);
memcpy(bytes, (u8 *)eeprom_buff + (eeprom->offset & 1), eeprom->len);
kfree(eeprom_buff);
return ret_val;
}
Reported by FlawFinder.
Line: 1087
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < last_word - first_word + 1; i++)
le16_to_cpus(&eeprom_buff[i]);
memcpy(ptr, bytes, eeprom->len);
for (i = 0; i < last_word - first_word + 1; i++)
cpu_to_le16s(&eeprom_buff[i]);
ret_val = hw->eeprom.ops.write_buffer(hw, first_word,
Reported by FlawFinder.
Line: 1195
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (new_tx_count != adapter->tx_ring_count) {
for (i = 0; i < adapter->num_tx_queues; i++) {
memcpy(&temp_ring[i], adapter->tx_ring[i],
sizeof(struct ixgbe_ring));
temp_ring[i].count = new_tx_count;
err = ixgbe_setup_tx_resources(&temp_ring[i]);
if (err) {
Reported by FlawFinder.
Line: 1210
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (j = 0; j < adapter->num_xdp_queues; j++, i++) {
memcpy(&temp_ring[i], adapter->xdp_ring[j],
sizeof(struct ixgbe_ring));
temp_ring[i].count = new_tx_count;
err = ixgbe_setup_tx_resources(&temp_ring[i]);
if (err) {
Reported by FlawFinder.
Line: 1227
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < adapter->num_tx_queues; i++) {
ixgbe_free_tx_resources(adapter->tx_ring[i]);
memcpy(adapter->tx_ring[i], &temp_ring[i],
sizeof(struct ixgbe_ring));
}
for (j = 0; j < adapter->num_xdp_queues; j++, i++) {
ixgbe_free_tx_resources(adapter->xdp_ring[j]);
Reported by FlawFinder.
Line: 1233
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (j = 0; j < adapter->num_xdp_queues; j++, i++) {
ixgbe_free_tx_resources(adapter->xdp_ring[j]);
memcpy(adapter->xdp_ring[j], &temp_ring[i],
sizeof(struct ixgbe_ring));
}
adapter->tx_ring_count = new_tx_count;
}
Reported by FlawFinder.
Line: 1243
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Repeat the process for the Rx rings if needed */
if (new_rx_count != adapter->rx_ring_count) {
for (i = 0; i < adapter->num_rx_queues; i++) {
memcpy(&temp_ring[i], adapter->rx_ring[i],
sizeof(struct ixgbe_ring));
/* Clear copied XDP RX-queue info */
memset(&temp_ring[i].xdp_rxq, 0,
sizeof(temp_ring[i].xdp_rxq));
Reported by FlawFinder.
Line: 1265
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < adapter->num_rx_queues; i++) {
ixgbe_free_rx_resources(adapter->rx_ring[i]);
memcpy(adapter->rx_ring[i], &temp_ring[i],
sizeof(struct ixgbe_ring));
}
adapter->rx_ring_count = new_rx_count;
}
Reported by FlawFinder.
Line: 1402
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* BUG_ON(p - data != IXGBE_STATS_LEN * ETH_GSTRING_LEN); */
break;
case ETH_SS_PRIV_FLAGS:
memcpy(data, ixgbe_priv_flags_strings,
IXGBE_PRIV_FLAGS_STR_LEN * ETH_GSTRING_LEN);
}
}
static int ixgbe_link_test(struct ixgbe_adapter *adapter, u64 *data)
Reported by FlawFinder.
tools/perf/util/map.c
15 issues
Line: 47
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (libname)
lib_length = strlen(libname);
app_abi = getenv("APP_ABI");
if (!app_abi)
return false;
app_abi_length = strlen(app_abi);
Reported by FlawFinder.
Line: 61
Column: 14
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
new_length = 7 + app_abi_length + lib_length;
apk_path = getenv("APK_PATH");
if (apk_path) {
new_length += strlen(apk_path) + 1;
if (new_length > PATH_MAX)
return false;
snprintf(newfilename, new_length,
Reported by FlawFinder.
Line: 82
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *arch;
int ndk_length, app_length;
ndk = getenv("NDK_ROOT");
app = getenv("APP_PLATFORM");
if (!(ndk && app))
return false;
Reported by FlawFinder.
Line: 83
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
int ndk_length, app_length;
ndk = getenv("NDK_ROOT");
app = getenv("APP_PLATFORM");
if (!(ndk && app))
return false;
ndk_length = strlen(ndk);
Reported by FlawFinder.
Line: 140
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nsinfo *nnsi;
if (map != NULL) {
char newfilename[PATH_MAX];
struct dso *dso;
int anon, no_dso, vdso, android;
android = is_android_lib(filename);
anon = is_anon_memory(filename) || flags & MAP_HUGETLB;
Reported by FlawFinder.
Line: 335
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
nr = dso__load(map->dso, map);
if (nr < 0) {
if (map->dso->has_build_id) {
char sbuild_id[SBUILD_ID_SIZE];
build_id__sprintf(&map->dso->bid, sbuild_id);
pr_debug("%s with build id %s not found", name, sbuild_id);
} else
pr_debug("Failed to open %s", name);
Reported by FlawFinder.
Line: 409
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t map__fprintf_dsoname(struct map *map, FILE *fp)
{
char buf[symbol_conf.pad_output_len_dso + 1];
const char *dsoname = "[unknown]";
if (map && map->dso) {
if (symbol_conf.show_kernel_path && map->dso->long_name)
dsoname = map->dso->long_name;
Reported by FlawFinder.
Line: 45
Column: 16
CWE codes:
126
libname = strrchr(filename, '/');
if (libname)
lib_length = strlen(libname);
app_abi = getenv("APP_ABI");
if (!app_abi)
return false;
Reported by FlawFinder.
Line: 51
Column: 19
CWE codes:
126
if (!app_abi)
return false;
app_abi_length = strlen(app_abi);
if (strstarts(filename, "/data/app-lib/")) {
char *apk_path;
if (!app_abi_length)
Reported by FlawFinder.
Line: 63
Column: 18
CWE codes:
126
apk_path = getenv("APK_PATH");
if (apk_path) {
new_length += strlen(apk_path) + 1;
if (new_length > PATH_MAX)
return false;
snprintf(newfilename, new_length,
"%s/libs/%s/%s", apk_path, app_abi, libname);
} else {
Reported by FlawFinder.
drivers/clk/clk-stm32f4.c
15 issues
Line: 587
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct stm32f4_pll_data {
u8 pll_num;
u8 n_start;
const char *div_name[MAX_PLL_DIV];
};
static const struct stm32f4_pll_data stm32f429_pll[MAX_PLL_DIV] = {
{ PLL, 192, { "pll", "pll48", NULL } },
{ PLL_I2S, 192, { NULL, "plli2s-q", "plli2s-r" } },
Reported by FlawFinder.
Line: 1119
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ 0 },
};
static const char *rtc_parents[4] = {
"no-clock", "lse", "lsi", "hse-rtc"
};
static const char *pll_src = "pll-src";
Reported by FlawFinder.
Line: 1125
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *pll_src = "pll-src";
static const char *pllsrc_parent[2] = { "hsi", NULL };
static const char *dsi_parent[2] = { NULL, "pll-r" };
static const char *lcd_parent[1] = { "pllsai-r-div" };
Reported by FlawFinder.
Line: 1127
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *pllsrc_parent[2] = { "hsi", NULL };
static const char *dsi_parent[2] = { NULL, "pll-r" };
static const char *lcd_parent[1] = { "pllsai-r-div" };
static const char *i2s_parents[2] = { "plli2s-r", NULL };
Reported by FlawFinder.
Line: 1129
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *dsi_parent[2] = { NULL, "pll-r" };
static const char *lcd_parent[1] = { "pllsai-r-div" };
static const char *i2s_parents[2] = { "plli2s-r", NULL };
static const char *sai_parents[4] = { "pllsai-q-div", "plli2s-q-div", NULL,
"no-clock" };
Reported by FlawFinder.
Line: 1131
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *lcd_parent[1] = { "pllsai-r-div" };
static const char *i2s_parents[2] = { "plli2s-r", NULL };
static const char *sai_parents[4] = { "pllsai-q-div", "plli2s-q-div", NULL,
"no-clock" };
static const char *pll48_parents[2] = { "pll-q", "pllsai-p" };
Reported by FlawFinder.
Line: 1133
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *i2s_parents[2] = { "plli2s-r", NULL };
static const char *sai_parents[4] = { "pllsai-q-div", "plli2s-q-div", NULL,
"no-clock" };
static const char *pll48_parents[2] = { "pll-q", "pllsai-p" };
static const char *sdmux_parents[2] = { "pll48", "sys" };
Reported by FlawFinder.
Line: 1136
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *sai_parents[4] = { "pllsai-q-div", "plli2s-q-div", NULL,
"no-clock" };
static const char *pll48_parents[2] = { "pll-q", "pllsai-p" };
static const char *sdmux_parents[2] = { "pll48", "sys" };
static const char *hdmi_parents[2] = { "lse", "hsi_div488" };
Reported by FlawFinder.
Line: 1138
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *pll48_parents[2] = { "pll-q", "pllsai-p" };
static const char *sdmux_parents[2] = { "pll48", "sys" };
static const char *hdmi_parents[2] = { "lse", "hsi_div488" };
static const char *spdif_parent[1] = { "plli2s-p" };
Reported by FlawFinder.
Line: 1140
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *sdmux_parents[2] = { "pll48", "sys" };
static const char *hdmi_parents[2] = { "lse", "hsi_div488" };
static const char *spdif_parent[1] = { "plli2s-p" };
static const char *lptim_parent[4] = { "apb1_mul", "lsi", "hsi", "lse" };
Reported by FlawFinder.
tools/perf/util/cs-etm.c
15 issues
Line: 2557
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if ((magic != __perf_cs_etmv3_magic) &&
(magic != __perf_cs_etmv4_magic)) {
/* failure - note bad magic value */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
}
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
Reported by FlawFinder.
Line: 2562
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_CPU], val[i++]);
if (magic == __perf_cs_etmv3_magic) {
nr_params = CS_ETM_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETM_ETMCR;
Reported by FlawFinder.
Line: 2563
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_CPU], val[i++]);
if (magic == __perf_cs_etmv3_magic) {
nr_params = CS_ETM_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETM_ETMCR;
/* after common block, offset format index past NR_PARAMS */
Reported by FlawFinder.
Line: 2570
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt_offset = CS_ETM_ETMCR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
} else if (magic == __perf_cs_etmv4_magic) {
nr_params = CS_ETMV4_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETMV4_TRCCONFIGR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
Reported by FlawFinder.
Line: 2576
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt_offset = CS_ETMV4_TRCCONFIGR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
*offset = i;
return 0;
}
Reported by FlawFinder.
Line: 2595
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETM_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
}
} else if (magic == __perf_cs_etmv4_magic) {
for (j = 0; j < total_params; j++, i++) {
Reported by FlawFinder.
Line: 2597
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (j >= CS_ETM_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
}
} else if (magic == __perf_cs_etmv4_magic) {
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETMV4_PRIV_MAX)
Reported by FlawFinder.
Line: 2603
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETMV4_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
} else {
/* failure - note bad magic value and error out */
Reported by FlawFinder.
Line: 2605
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (j >= CS_ETMV4_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
} else {
/* failure - note bad magic value and error out */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
Reported by FlawFinder.
Line: 2609
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
} else {
/* failure - note bad magic value and error out */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
}
*offset = i;
return 0;
}
Reported by FlawFinder.
drivers/net/ethernet/intel/i40e/i40e_main.c
15 issues
Line: 1679
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* otherwise use default
*/
if (vsi->rss_lut_user)
memcpy(lut, vsi->rss_lut_user, vsi->rss_table_size);
else
i40e_fill_rss_lut(pf, lut, vsi->rss_table_size, vsi->rss_size);
if (vsi->rss_hkey_user)
memcpy(seed, vsi->rss_hkey_user, I40E_HKEY_ARRAY_SIZE);
else
Reported by FlawFinder.
Line: 1683
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
i40e_fill_rss_lut(pf, lut, vsi->rss_table_size, vsi->rss_size);
if (vsi->rss_hkey_user)
memcpy(seed, vsi->rss_hkey_user, I40E_HKEY_ARRAY_SIZE);
else
netdev_rss_key_fill((void *)seed, I40E_HKEY_ARRAY_SIZE);
ret = i40e_config_rss_aq(vsi, seed, lut, vsi->rss_table_size);
kfree(lut);
return ret;
Reported by FlawFinder.
Line: 2293
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool old_overflow, new_overflow;
unsigned int failed_filters = 0;
unsigned int vlan_filters = 0;
char vsi_name[16] = "PF";
int filter_list_len = 0;
i40e_status aq_ret = 0;
u32 changed_flags = 0;
struct hlist_node *h;
struct i40e_pf *pf;
Reported by FlawFinder.
Line: 5843
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* use default.
*/
if (vsi->rss_hkey_user)
memcpy(seed, vsi->rss_hkey_user, I40E_HKEY_ARRAY_SIZE);
else
netdev_rss_key_fill((void *)seed, I40E_HKEY_ARRAY_SIZE);
ret = i40e_config_rss(vsi, seed, lut, vsi->rss_table_size);
if (ret) {
Reported by FlawFinder.
Line: 5969
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* update vsi params
*/
ch->info.mapping_flags = ctxt.info.mapping_flags;
memcpy(&ch->info.queue_mapping,
&ctxt.info.queue_mapping, sizeof(ctxt.info.queue_mapping));
memcpy(&ch->info.tc_mapping, ctxt.info.tc_mapping,
sizeof(ctxt.info.tc_mapping));
return 0;
Reported by FlawFinder.
Line: 5971
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ch->info.mapping_flags = ctxt.info.mapping_flags;
memcpy(&ch->info.queue_mapping,
&ctxt.info.queue_mapping, sizeof(ctxt.info.queue_mapping));
memcpy(&ch->info.tc_mapping, ctxt.info.tc_mapping,
sizeof(ctxt.info.tc_mapping));
return 0;
}
Reported by FlawFinder.
Line: 7840
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mode = mqprio_qopt->mode;
if (!hw) {
pf->flags &= ~I40E_FLAG_TC_MQPRIO;
memcpy(&vsi->mqprio_qopt, mqprio_qopt, sizeof(*mqprio_qopt));
goto config_tc;
}
/* Check if MFP enabled */
if (pf->flags & I40E_FLAG_MFP_ENABLED) {
Reported by FlawFinder.
Line: 7879
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = i40e_validate_mqprio_qopt(vsi, mqprio_qopt);
if (ret)
return ret;
memcpy(&vsi->mqprio_qopt, mqprio_qopt,
sizeof(*mqprio_qopt));
pf->flags |= I40E_FLAG_TC_MQPRIO;
pf->flags &= ~I40E_FLAG_DCB_ENABLED;
break;
default:
Reported by FlawFinder.
Line: 7990
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
ipa = be32_to_cpu(filter->dst_ipv4);
memcpy(&cld->ipaddr.v4.data, &ipa, sizeof(ipa));
}
cld->inner_vlan = cpu_to_le16(ntohs(filter->vlan_id));
/* tenant_id is not supported by FW now, once the support is enabled
Reported by FlawFinder.
Line: 8680
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i40e_vsi_open(struct i40e_vsi *vsi)
{
struct i40e_pf *pf = vsi->back;
char int_name[I40E_INT_NAME_STR_LEN];
int err;
/* allocate descriptors */
err = i40e_vsi_setup_tx_resources(vsi);
if (err)
Reported by FlawFinder.
drivers/infiniband/hw/hns/hns_roce_hw_v1.c
15 issues
Line: 1865
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
MPT_BYTE_4_PAGE_SIZE_S, MR_SIZE_4K);
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_MW_TYPE_S, 0);
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_MW_BIND_ENABLE_S,
(mr->access & IB_ACCESS_MW_BIND ? 1 : 0));
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_OWN_S, 0);
roce_set_field(mpt_entry->mpt_byte_4, MPT_BYTE_4_MEMORY_LOCATION_TYPE_M,
MPT_BYTE_4_MEMORY_LOCATION_TYPE_S, mr->type);
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_ATOMIC_S, 0);
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_LOCAL_WRITE_S,
Reported by FlawFinder.
Line: 1871
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
MPT_BYTE_4_MEMORY_LOCATION_TYPE_S, mr->type);
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_ATOMIC_S, 0);
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_LOCAL_WRITE_S,
(mr->access & IB_ACCESS_LOCAL_WRITE ? 1 : 0));
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_WRITE_S,
(mr->access & IB_ACCESS_REMOTE_WRITE ? 1 : 0));
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_READ_S,
(mr->access & IB_ACCESS_REMOTE_READ ? 1 : 0));
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_INVAL_ENABLE_S,
Reported by FlawFinder.
Line: 1873
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_LOCAL_WRITE_S,
(mr->access & IB_ACCESS_LOCAL_WRITE ? 1 : 0));
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_WRITE_S,
(mr->access & IB_ACCESS_REMOTE_WRITE ? 1 : 0));
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_READ_S,
(mr->access & IB_ACCESS_REMOTE_READ ? 1 : 0));
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_INVAL_ENABLE_S,
0);
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_ADDRESS_TYPE_S, 0);
Reported by FlawFinder.
Line: 1875
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_WRITE_S,
(mr->access & IB_ACCESS_REMOTE_WRITE ? 1 : 0));
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_READ_S,
(mr->access & IB_ACCESS_REMOTE_READ ? 1 : 0));
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_REMOTE_INVAL_ENABLE_S,
0);
roce_set_bit(mpt_entry->mpt_byte_4, MPT_BYTE_4_ADDRESS_TYPE_S, 0);
roce_set_field(mpt_entry->mpt_byte_12, MPT_BYTE_12_PBL_ADDR_H_M,
Reported by FlawFinder.
Line: 215
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
UD_SEND_WQE_U32_40_TRAFFIC_CLASS_S,
ah->av.tclass);
memcpy(&ud_sq_wqe->dgid[0], &ah->av.dgid[0], GID_LEN);
ud_sq_wqe->va0_l =
cpu_to_le32((u32)wr->sg_list[0].addr);
ud_sq_wqe->va0_h =
cpu_to_le32((wr->sg_list[0].addr) >> 32);
Reported by FlawFinder.
Line: 312
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
for (i = 0; i < wr->num_sge; i++) {
memcpy(wqe, ((void *) (uintptr_t)
wr->sg_list[i].addr),
wr->sg_list[i].length);
wqe += wr->sg_list[i].length;
}
ctrl->flag |= cpu_to_le32(HNS_ROCE_WQE_INLINE);
Reported by FlawFinder.
Line: 887
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attr.port_num = port + 1;
attr.dest_qp_num = hr_qp->qpn;
memcpy(rdma_ah_retrieve_dmac(&attr.ah_attr),
hr_dev->dev_addr[port],
ETH_ALEN);
memcpy(&dgid.raw, &subnet_prefix, sizeof(u64));
memcpy(&dgid.raw[8], hr_dev->dev_addr[port], 3);
Reported by FlawFinder.
Line: 891
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hr_dev->dev_addr[port],
ETH_ALEN);
memcpy(&dgid.raw, &subnet_prefix, sizeof(u64));
memcpy(&dgid.raw[8], hr_dev->dev_addr[port], 3);
memcpy(&dgid.raw[13], hr_dev->dev_addr[port] + 3, 3);
dgid.raw[11] = 0xff;
dgid.raw[12] = 0xfe;
dgid.raw[8] ^= 2;
Reported by FlawFinder.
Line: 892
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ETH_ALEN);
memcpy(&dgid.raw, &subnet_prefix, sizeof(u64));
memcpy(&dgid.raw[8], hr_dev->dev_addr[port], 3);
memcpy(&dgid.raw[13], hr_dev->dev_addr[port] + 3, 3);
dgid.raw[11] = 0xff;
dgid.raw[12] = 0xfe;
dgid.raw[8] ^= 2;
rdma_ah_set_dgid_raw(&attr.ah_attr, dgid.raw);
Reported by FlawFinder.
Line: 893
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&dgid.raw, &subnet_prefix, sizeof(u64));
memcpy(&dgid.raw[8], hr_dev->dev_addr[port], 3);
memcpy(&dgid.raw[13], hr_dev->dev_addr[port] + 3, 3);
dgid.raw[11] = 0xff;
dgid.raw[12] = 0xfe;
dgid.raw[8] ^= 2;
rdma_ah_set_dgid_raw(&attr.ah_attr, dgid.raw);
Reported by FlawFinder.