The following issues were found
kernel/futex.c
1 issue
Line: 1647
Column: 4
CWE codes:
119
120
Suggestion:
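Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt the flagged buffer is declared as `char comm[sizeof(current->comm)]`, so its size is derived from the source field rather than from a hand-picked constant; the copy into it lies outside the excerpt and is what needs confirming.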
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {
if (oparg < 0 || oparg > 31) {
char comm[sizeof(current->comm)];
/*
* kill this print and return -EINVAL when userspace
* is sane again
*/
pr_info_ratelimited("futex_wake_op: %s tries to shift op by %d; fix this program\n",
Reported by FlawFinder.
kernel/gcov/clang.c
1 issue
Line: 302
Column: 2
CWE codes:
120
Suggestion:
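Make sure destination can always hold the source data. The copy length here is `cv_size`; the allocation of `fn_dup->counters` is outside the excerpt, so confirm that it is sized from the same `cv_size`.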
return NULL;
}
memcpy(fn_dup->counters, fn->counters, cv_size);
return fn_dup;
}
/**
Reported by FlawFinder.
kernel/gcov/gcc_4_7.c
1 issue
Line: 318
Column: 4
CWE codes:
120
Suggestion:
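Make sure destination can always hold the source data. The copy length here is `cv_size`; the allocation of `dci_ptr->values` is outside the excerpt, so confirm that it is sized from the same `cv_size`.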
goto err_free;
dci_ptr->num = sci_ptr->num;
memcpy(dci_ptr->values, sci_ptr->values, cv_size);
sci_ptr++;
dci_ptr++;
}
}
Reported by FlawFinder.
net/netfilter/nfnetlink_cthelper.c
1 issue
Line: 246
Column: 2
CWE codes:
120
Suggestion:
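Make sure destination can always hold the source data. The length here is the compile-time `sizeof(struct nf_conntrack_tuple)`, so the copy stays in bounds provided `helper->tuple` and `*tuple` both have that type; their declarations are outside the excerpt.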
helper->data_len = size;
helper->flags |= NF_CT_HELPER_F_USERSPACE;
memcpy(&helper->tuple, tuple, sizeof(struct nf_conntrack_tuple));
helper->me = THIS_MODULE;
helper->help = nfnl_userspace_cthelper;
helper->from_nlattr = nfnl_cthelper_from_nlattr;
helper->to_nlattr = nfnl_cthelper_to_nlattr;
Reported by FlawFinder.
net/netfilter/nfnetlink_cttimeout.c
1 issue
Line: 157
Column: 2
CWE codes:
120
Suggestion:
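Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Note that strcpy_s is not available in kernel code, where the bounded string copy is strscpy(). The source here is a netlink attribute (`nla_data(cda[CTA_TIMEOUT_NAME])`), so this strcpy is safe only if the attribute has already been validated as a NUL-terminated string that fits in `timeout->name`; that validation is not visible in the excerpt.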
if (ret < 0)
goto err;
strcpy(timeout->name, nla_data(cda[CTA_TIMEOUT_NAME]));
timeout->timeout.l3num = l3num;
timeout->timeout.l4proto = l4proto;
refcount_set(&timeout->refcnt, 1);
list_add_tail_rcu(&timeout->head, &pernet->nfct_timeout_list);
Reported by FlawFinder.
net/qrtr/qrtr.c
1 issue
Line: 1128
Column: 2
CWE codes:
120
Suggestion:
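Make sure destination can always hold the source data. The length here is the compile-time `sizeof(qaddr)`; what needs checking is that the buffer behind `saddr` is at least that large, which the excerpt does not show.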
qaddr.sq_family = AF_QIPCRTR;
memcpy(saddr, &qaddr, sizeof(qaddr));
return sizeof(qaddr);
}
static int qrtr_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
Reported by FlawFinder.
include/uapi/rdma/siw-abi.h
1 issue
Line: 120
Column: 17
CWE codes:
362/367!
Suggestion:
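Set up the correct permissions (e.g., using setuid()) and try to open the file directly. This hit appears to be a false positive: the only occurrence of `access` in the excerpt is the union member declaration `__aligned_u64 access;`, not a call to access(), so the CWE-362/367 check-then-use race guidance does not apply to it.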
};
union {
struct siw_sge sge[SIW_MAX_SGE];
__aligned_u64 access;
};
};
/* Receive Queue Element */
struct siw_rqe {
Reported by FlawFinder.
kernel/kcov.c
1 issue
Line: 939
Column: 2
CWE codes:
120
Suggestion:
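Make sure destination can always hold the source data. In the excerpt the length `bytes_to_move` is clamped with `min(dst_free, ...)` before the copy, so the destination side is bounded as long as `dst_free` is computed correctly; that computation and the validation of `src_len` are outside the excerpt.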
bytes_to_move = min(dst_free, src_len << entry_size_log);
dst_entries = dst_area + dst_occupied;
src_entries = src_area + count_size;
memcpy(dst_entries, src_entries, bytes_to_move);
entries_moved = bytes_to_move >> entry_size_log;
switch (mode) {
case KCOV_MODE_TRACE_PC:
WRITE_ONCE(*(unsigned long *)dst_area, dst_len + entries_moved);
Reported by FlawFinder.
include/uapi/rdma/hfi/hfi1_user.h
1 issue
Line: 183
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Status block: two 64-bit status words followed by a trailing
 * zero-length char array.
 */
struct hfi1_status {
__aligned_u64 dev; /* device/hw status bits */
__aligned_u64 port; /* port state and status bits */
/*
 * Zero-length trailing array: it contributes no storage of its own, so
 * any message bytes live past the end of the struct.
 * NOTE(review): the code that sizes and fills that storage is not shown
 * here; the bounds have to be enforced there, not in this declaration.
 */
char freezemsg[0];
};
enum sdma_req_opcode {
EXPECTED = 0,
EAGER
Reported by FlawFinder.
include/uapi/mtd/inftl-user.h
1 issue
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
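Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line declares the fixed 8-byte field `bootRecordID` in a header struct and no copy is shown, so what needs checking is the code that reads or writes this field, in particular any code that treats it as a NUL-terminated string.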
} __attribute__((packed));
struct INFTLMediaHeader {
char bootRecordID[8];
__u32 NoOfBootImageBlocks;
__u32 NoOfBinaryPartitions;
__u32 NoOfBDTLPartitions;
__u32 BlockMultiplierBits;
__u32 FormatFlags;
Reported by FlawFinder.