The following issues were found
kernel/bpf/local_storage.c
1 issue
Line: 175
Column: 2
CWE codes:
120
Suggestion:
Make sure the destination buffer can always hold the source data for the length being copied
if (!new)
return -ENOMEM;
memcpy(&new->data[0], value, map->value_size);
check_and_init_map_lock(map, new->data);
new = xchg(&storage->buf, new);
kfree_rcu(new, rcu);
Reported by FlawFinder.
ipc/msg.c
1 issue
Line: 975
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking on every write to this fixed-size array, use functions that limit length, or ensure that the array size is larger than the maximum possible length
/*
 * Message buffer layout built from compat types: a compat_long_t type field
 * followed by the message text.
 *
 * NOTE(review): mtext[1] looks like the legacy one-element placeholder for a
 * variable-length payload rather than a genuine 1-byte buffer. The size-based
 * CWE-119/120 warning is a declaration-level heuristic; what matters is that
 * every access to the payload is bounded by the caller-supplied length
 * (presumably msgsz in compat_ksys_msgsnd) and never by sizeof(mtext).
 * Confirm against the copy path, which is not shown here.
 */
struct compat_msgbuf {
compat_long_t mtype;
char mtext[1]; /* start of the message text; see the note above on its real length */
};
long compat_ksys_msgsnd(int msqid, compat_uptr_t msgp,
compat_ssize_t msgsz, int msgflg)
{
Reported by FlawFinder.
kernel/bpf/map_iter.c
1 issue
Line: 81
.show = bpf_map_seq_show,
};
BTF_ID_LIST(btf_bpf_map_id)
BTF_ID(struct, bpf_map)
static const struct bpf_iter_seq_info bpf_map_seq_info = {
.seq_ops = &bpf_map_seq_ops,
.init_seq_private = NULL,
Reported by Cppcheck.
kernel/bpf/preload/bpf_preload_kern.c
1 issue
Line: 77
CWE codes:
570
int err;
err = umd_load_blob(&umd_ops.info, &bpf_preload_umd_start,
&bpf_preload_umd_end - &bpf_preload_umd_start);
if (err)
return err;
bpf_preload_ops = &umd_ops;
return err;
}
Reported by Cppcheck.
kernel/bpf/preload/iterators/bpf_preload_common.h
1 issue
Line: 9
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking on every write to this fixed-size array, use functions that limit length, or ensure that the array size is larger than the maximum possible length
#define BPF_PRELOAD_END 0xAAAA
/*
 * Pairs a link name with a link id.
 *
 * link_name is a fixed 16-byte buffer, which is why a size-based
 * CWE-119/120 heuristic flags the declaration. The declaration itself is not
 * an overflow; the risk sits at the write sites, which are not shown here.
 * NOTE(review): confirm every writer bounds its copy to sizeof(link_name)
 * and, if the field is consumed as a C string, leaves it NUL-terminated.
 */
struct bpf_preload_info {
char link_name[16]; /* at most 15 characters plus NUL if used as a C string */
int link_id;
};
#endif
Reported by FlawFinder.
init/do_mounts_rd.c
1 issue
Line: 195
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking on every write to this fixed-size array, use functions that limit length, or ensure that the array size is larger than the maximum possible length
unsigned short rotate = 0;
decompress_fn decompressor = NULL;
#if !defined(CONFIG_S390)
char rotator[4] = { '|' , '/' , '-' , '\\' };
#endif
out_file = filp_open("/dev/ram", O_RDWR, 0);
if (IS_ERR(out_file))
goto out;
Reported by FlawFinder.
kernel/bpf/prog_iter.c
1 issue
Line: 81
.show = bpf_prog_seq_show,
};
BTF_ID_LIST(btf_bpf_prog_id)
BTF_ID(struct, bpf_prog)
static const struct bpf_iter_seq_info bpf_prog_seq_info = {
.seq_ops = &bpf_prog_seq_ops,
.init_seq_private = NULL,
Reported by Cppcheck.
kernel/bpf/ringbuf.c
1 issue
Line: 438
Column: 2
CWE codes:
120
Suggestion:
Make sure the destination buffer can always hold the source data for the length being copied
if (!rec)
return -EAGAIN;
memcpy(rec, data, size);
bpf_ringbuf_commit(rec, flags, false /* discard */);
return 0;
}
const struct bpf_func_proto bpf_ringbuf_output_proto = {
Reported by FlawFinder.
net/phonet/datagram.c
1 issue
Line: 148
Column: 3
CWE codes:
120
Suggestion:
Make sure the destination buffer can always hold the source data for the length being copied
/* Copy sa out only when the caller supplied a msg_name buffer. */
if (msg->msg_name != NULL) {
/*
 * The copy length is sizeof(sa), a compile-time constant, not a value
 * taken from the received data. __sockaddr_check_size() is a build-time
 * assertion that this size fits in the kernel's sockaddr storage, so the
 * memcpy below is bounded as long as msg_name points at storage of at
 * least that size.
 * NOTE(review): that last condition depends on the caller, which is not
 * shown here. Confirm before dismissing the CWE-120 finding.
 */
__sockaddr_check_size(sizeof(sa));
memcpy(msg->msg_name, &sa, sizeof(sa));
/* Report the number of address bytes written back to the caller. */
*addr_len = sizeof(sa);
}
out:
skb_free_datagram(sk, skb);
Reported by FlawFinder.
include/xen/interface/xen.h
1 issue
Line: 639
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking on every write to this fixed-size array, use functions that limit length, or ensure that the array size is larger than the maximum possible length
#define MAX_GUEST_CMDLINE 1024
struct start_info {
/* THE FOLLOWING ARE FILLED IN BOTH ON INITIAL BOOT AND ON RESUME. */
char magic[32]; /* "xen-<version>-<platform>". */
unsigned long nr_pages; /* Total pages allocated to this domain. */
unsigned long shared_info; /* MACHINE address of shared info struct. */
uint32_t flags; /* SIF_xxx flags. */
xen_pfn_t store_mfn; /* MACHINE page number of shared page. */
uint32_t store_evtchn; /* Event channel for store communication. */
Reported by FlawFinder.